Received random unexpected verification code
August 31, 2017 8:48 AM Subscribe
I just received a random verification code text on my phone. I am aware of the two-factor authentication scams. The text did not identify what account or service the code was for, the phone number doesn't come up on searches (and doesn't answer when called). I'm at a loss for what I should be guarding against.
As I said, I know about the phone spoofing scams, and the phishing scams using verification codes.
The text was from an 812 number with a 307 prefix. Googling it didn't give any results. I also tried googling just the area code and prefix plus "verification code" and didn't get anything relevant.
The elite message was "Verification Code:" followed by four capital letters and two numbers. No links, and no clue to the identity of the sender.
I searched my text history and I don't have any prior verification codes from that area code or in that format.
Google, Apple, and just about everyone mention their name in the two-step authorization texts they send.
I can't think who sent this--so not sure what to monitor.
Any ideas? Thanks!
As I said, I know about the phone spoofing scams, and the phishing scams using verification codes.
The text was from an 812 number with a 307 prefix. Googling it didn't give any results. I also tried googling just the area code and prefix plus "verification code" and didn't get anything relevant.
The elite message was "Verification Code:" followed by four capital letters and two numbers. No links, and no clue to the identity of the sender.
I searched my text history and I don't have any prior verification codes from that area code or in that format.
Google, Apple, and just about everyone mention their name in the two-step authorization texts they send.
I can't think who sent this--so not sure what to monitor.
Any ideas? Thanks!
Someone probably fatfingered their own phone number into some system.
posted by erst at 8:53 AM on August 31, 2017 [2 favorites]
posted by erst at 8:53 AM on August 31, 2017 [2 favorites]
Do nothing.
posted by bondcliff at 8:55 AM on August 31, 2017 [1 favorite]
posted by bondcliff at 8:55 AM on August 31, 2017 [1 favorite]
Response by poster: Missed the edit window, but where I wrote "elite message," I meant "entire message."
Yes, hoping for fat fingers--not sticky fingers stealing my precious logins.
posted by Admiral Haddock at 8:55 AM on August 31, 2017
Yes, hoping for fat fingers--not sticky fingers stealing my precious logins.
posted by Admiral Haddock at 8:55 AM on August 31, 2017
I have no idea what service this is for. My guess would also be that someone fatfingered their own number and that this is an innocent mistake.
BUT. I am going to copy and paste some advice here from an answer of mine on a previous sketchy-account-things question, since if someone IS trying to maliciously get into an account of yours the next step after text code verification might be email, and why not CYA in that department. (Advice for google/gmail below.)
BUT. I am going to copy and paste some advice here from an answer of mine on a previous sketchy-account-things question, since if someone IS trying to maliciously get into an account of yours the next step after text code verification might be email, and why not CYA in that department. (Advice for google/gmail below.)
If I were you, one thing I'd do is immediately go and remove permissions from all connected apps and change my password (again, I know you just did it) now that 2 factor auth is on.posted by phunniemee at 8:55 AM on August 31, 2017 [4 favorites]
On desktop view (I don't know where this hides on mobile) click on your google account and go to the "my account" page. The first card on that page should be called "sign in and security" and under that heading is a link to review your connected apps and sites. Click that. On that page you can look through all of the apps and websites you (or anyone else) have given your google account permissions to. Go through those and just axe everything.
Then go back to the "my account" page. The middle card is "personal info and privacy" and under that is a link to your personal info. Go there and check that your email and phone number and any other contact info used for account recovery actually belongs to you. Delete anything you don't recognize.
Then, if you scroll to the bottom of your inbox on gmail, you'll see a little thing to the right that says "last account activity: x mins" and a link that says details. Go to the details view and sign out of all other web sessions.
Once you've removed your info from everywhere your account is signed into, change the password again. That should at least make sure that anyone who has your account open somewhere would have to sign in again, which they shouldn't be able to because it's a totally new password and all the recovery contacts are your own.
Agreeing that it's probably just someone who was trying to enter their own number and put yours by mistake.
Also, as far as not identifying the service, I looked through my SMS history and found that while most of them identify the service, I've also got some legitimate verification messages that don't. So, not too unusual there.
posted by DevilsAdvocate at 8:57 AM on August 31, 2017
Also, as far as not identifying the service, I looked through my SMS history and found that while most of them identify the service, I've also got some legitimate verification messages that don't. So, not too unusual there.
posted by DevilsAdvocate at 8:57 AM on August 31, 2017
I agree that this was probably someone's mistake when entering their own phone number. The second possibility is that someone tried to deliberately sign your phone number up for something, or sign in with your number. The verification step did its job and stopped that person. Either way, go on about your day; there's nothing for you to do.
Verification numbers like this come from a variety of middleman services, so the sender of the text is not necessarily connected to the service that's attempting verification, but rather they hired an SMS-sending service who owns one of those oddball text-only numbers. There's no reason Google and Apple, and the weirdest dating site/apps on the planet can't all share the same SMS-sending service, so even if you get a verification or other business text from the same number, it doesn't necessarily mean that the known business is the same as the one that send the text that you're asking about.
posted by Sunburnt at 9:21 AM on August 31, 2017
Verification numbers like this come from a variety of middleman services, so the sender of the text is not necessarily connected to the service that's attempting verification, but rather they hired an SMS-sending service who owns one of those oddball text-only numbers. There's no reason Google and Apple, and the weirdest dating site/apps on the planet can't all share the same SMS-sending service, so even if you get a verification or other business text from the same number, it doesn't necessarily mean that the known business is the same as the one that send the text that you're asking about.
posted by Sunburnt at 9:21 AM on August 31, 2017
It is probably nothing. However, when this happened to me, in retrospect it was the first hint that i was entering identity theft hell.
One seemingly random verification message turned into a bunch, and then i started getting statements from Macy's for $200 worth of socks i did not buy. I wasn't able to track any of the verification texts directly to any of the breaches i experienced - rather, i just think someone had my info and was attempting to use it any way they could.
This probably isn't happening to you,. But i think you're right to be a little concerned. Treat it as a small red flag. It might be a good time to do a little security check all around - call your bank, check your credit cards and credit report, glance through your spam folder, change some passwords. That's what i wish I'd done.
posted by jessicapierce at 10:29 AM on August 31, 2017 [2 favorites]
One seemingly random verification message turned into a bunch, and then i started getting statements from Macy's for $200 worth of socks i did not buy. I wasn't able to track any of the verification texts directly to any of the breaches i experienced - rather, i just think someone had my info and was attempting to use it any way they could.
This probably isn't happening to you,. But i think you're right to be a little concerned. Treat it as a small red flag. It might be a good time to do a little security check all around - call your bank, check your credit cards and credit report, glance through your spam folder, change some passwords. That's what i wish I'd done.
posted by jessicapierce at 10:29 AM on August 31, 2017 [2 favorites]
This thread is closed to new comments.
I would just ignore it unless it starts happening a lot.
posted by Lyn Never at 8:52 AM on August 31, 2017 [17 favorites]