SCAM LIBRARY · PHISHING & LINKS
The one-time-code (2FA) theft
Scammers trick you into sharing a one-time code that's meant to protect your account, then use it to break in while pretending to be you.
Documented by the FTC & FBI IC3 · reviewed 2026-07-06
How it works
You receive an urgent message (text, email, or call) claiming there's suspicious activity on your account or a login attempt, and asking you to provide a one-time code that just arrived on your phone or email. The message feels official and creates pressure to act fast. Once you share that code, the scammer can access your account.
Red flags
- You're asked to share a code that arrived in a text or email—legitimate companies never ask for this.
- The message creates urgent pressure (account locked, immediate action needed, verify now).
- The sender claims to be from a company but the message came through an unexpected channel or looks slightly off.
What to do
- If you receive such a message, do not share any code. Contact the company directly using the phone number or website you know is real.
- Check your actual account login to see if anything suspicious is happening (don't click links in the message).
- Report the message and the sender to reportfraud.ftc.gov so others are warned.
Spotted this or lost money? Report it at reportfraud.ftc.gov. This is general educational information, not legal or financial advice — and ScamVet never asks for your identity or account details.