“This used to be my phone number”I gave my cell number to a stranger on the internet. Have I fallen victim to a scam?How to trace virtual phone number?How can someone spoof texts with my phone number?Phone Call from weird numberPhone number setup for securityPrivacy concern: Services requiring a phone number for signing up
Puzzle Hunt 02: Echoes of Change
What would make the internet go away?
Why did Leia not want to tell Han about Luke being her twin brother?
What is the role of Shutter Speed while using a Manual Flash?
Visiting a place in Brussels where Pink Floyd recorded a video
Translation Golf XLIX - An Accurate Shot
Need Good OOP Design For World and Countries Problem
What (if anything) could have caused all three shuttle main engines to stop at the same time?
How to use FDE without needing to share the encryption password
Surfacing out of a sunken ship/submarine - Survival Tips
A professor commented that my research is too simple as compared to my colleagues. What does that mean about my future prospects?
Do airplanes need brakes in the air?
How to avoid answering "what were you sick with"?
Speaking German abroad and feeling condescended to
Why do three series connected 1.2 V NiMH batteries read 4.16 V when charged?
Get the last dates from multiple columns
How to start toward financial independence
An historical mystery : Poincaré’s silence on Lebesgue integral and measure theory?
HR trying to sabotage my wife's work because we're married
Fermat's Last Theorem, mod n
Hot Glue Gun NTC Heating Element?
Is it possible to keep cat litter on balcony during winter (down to -10°C)
Do Macs come with any programming language available from the Terminal?
Immortal Passing Ritual
“This used to be my phone number”
I gave my cell number to a stranger on the internet. Have I fallen victim to a scam?How to trace virtual phone number?How can someone spoof texts with my phone number?Phone Call from weird numberPhone number setup for securityPrivacy concern: Services requiring a phone number for signing up
.everyoneloves__top-leaderboard:empty,.everyoneloves__mid-leaderboard:empty,.everyoneloves__bot-mid-leaderboard:empty
margin-bottom:0;
I added a new phone line and someone called claiming to be the previous owner of the phone number. He requested that I forward information a text message (He wanted me to forward 2 Factor Authentication information that would be sent to my new phone number via SMS). Naturally, I refused the request. I do not think that they are too happy with the refusal.
Are there are any risks I should be aware of or precautions that I should take, given that there is some 'funny business' afoot?
CLARIFICATION: The caller does not know my name or any of my accounts. If the caller is a bad actor, then he is compromising someone else's account because the phone number he called was recently issued to me and I do not give it out to anyone, because I use a call forwarding service. Said phone number has not been given out to anyone
phone iphone
edited Jul 21 at 20:57
Greenonline
2042 gold badges4 silver badges14 bronze badges
asked Jul 18 at 16:12
gatorbackgatorback
8391 gold badge8 silver badges14 bronze badges
|
show 3 more comments
I added a new phone line and someone called claiming to be the previous owner of the phone number. He requested that I forward information a text message (He wanted me to forward 2 Factor Authentication information that would be sent to my new phone number via SMS). Naturally, I refused the request. I do not think that they are too happy with the refusal.
Are there are any risks I should be aware of or precautions that I should take, given that there is some 'funny business' afoot?
CLARIFICATION: The caller does not know my name or any of my accounts. If the caller is a bad actor, then he is compromising someone else's account because the phone number he called was recently issued to me and I do not give it out to anyone, because I use a call forwarding service. Said phone number has not been given out to anyone
phone iphone
edited Jul 21 at 20:57
Greenonline
2042 gold badges4 silver badges14 bronze badges
asked Jul 18 at 16:12
gatorbackgatorback
8391 gold badge8 silver badges14 bronze badges
16
Sometimes we're just too paranoid. It's quite possible the person isn't lying, and it WAS their phone number. It's also possible this is some form of fraud. If you were feeling nice I suppose you could offer to unlock whatever account they have for them instead of passing on the information directly. I don't really see what the harm is if you haven't set 2FA anywhere yourself, especially if you handle all resets. Then again, it's also possible it's someone ELSES phone number, and you'd be resetting a completely different person's account.
– Steve Sether
Jul 18 at 17:30
3
I actually texted someone with my old phone number asking for the code once. Unfortunately, they never replied to me, so I had to create a new account.
– Lucas Ramage
Jul 18 at 18:37
Possibly relevant. security.stackexchange.com/questions/182567/…
– JMac
Jul 19 at 0:42
9
"Naturally, I refused the request." -- In cases like this, it is often more appropriate to simply offer no response whatsoever. There is no guarantee that the number has been re-issued yet, or that it is to a device that can do SMS with a human... let them wonder.
– trognanders
Jul 19 at 19:17
@trognanders - If it were a disconnected conversation (text, email), absolutely, no response would be best. But the OP was on a phone call with the other person. Simply hanging up when asked to forward the information wouldn't improve anything, the caller already knows he's reached someone. Morever, if it's a truthful person at the other end, telling them you won't do it is useful and appropriate. If it's a scammer, at that point doesn't much matter whether you say no or just hang up, they'll still try again. :-)
– T.J. Crowder
Jul 20 at 13:09
|
show 3 more comments
I added a new phone line and someone called claiming to be the previous owner of the phone number. He requested that I forward information a text message (He wanted me to forward 2 Factor Authentication information that would be sent to my new phone number via SMS). Naturally, I refused the request. I do not think that they are too happy with the refusal.
Are there are any risks I should be aware of or precautions that I should take, given that there is some 'funny business' afoot?
CLARIFICATION: The caller does not know my name or any of my accounts. If the caller is a bad actor, then he is compromising someone else's account because the phone number he called was recently issued to me and I do not give it out to anyone, because I use a call forwarding service. Said phone number has not been given out to anyone
phone iphone
edited Jul 21 at 20:57
Greenonline
2042 gold badges4 silver badges14 bronze badges
asked Jul 18 at 16:12
gatorbackgatorback
8391 gold badge8 silver badges14 bronze badges
I added a new phone line and someone called claiming to be the previous owner of the phone number. He requested that I forward information a text message (He wanted me to forward 2 Factor Authentication information that would be sent to my new phone number via SMS). Naturally, I refused the request. I do not think that they are too happy with the refusal.
Are there are any risks I should be aware of or precautions that I should take, given that there is some 'funny business' afoot?
CLARIFICATION: The caller does not know my name or any of my accounts. If the caller is a bad actor, then he is compromising someone else's account because the phone number he called was recently issued to me and I do not give it out to anyone, because I use a call forwarding service. Said phone number has not been given out to anyone
phone iphone
phone iphone
edited Jul 21 at 20:57
Greenonline
2042 gold badges4 silver badges14 bronze badges
asked Jul 18 at 16:12
gatorbackgatorback
8391 gold badge8 silver badges14 bronze badges
edited Jul 21 at 20:57
Greenonline
2042 gold badges4 silver badges14 bronze badges
asked Jul 18 at 16:12
gatorbackgatorback
8391 gold badge8 silver badges14 bronze badges
edited Jul 21 at 20:57
Greenonline
2042 gold badges4 silver badges14 bronze badges
edited Jul 21 at 20:57
Greenonline
2042 gold badges4 silver badges14 bronze badges
edited Jul 21 at 20:57
Greenonline
2042 gold badges4 silver badges14 bronze badges
2042 gold badges4 silver badges14 bronze badges
asked Jul 18 at 16:12
gatorbackgatorback
8391 gold badge8 silver badges14 bronze badges
asked Jul 18 at 16:12
gatorbackgatorback
8391 gold badge8 silver badges14 bronze badges
asked Jul 18 at 16:12
gatorbackgatorback
8391 gold badge8 silver badges14 bronze badges
8391 gold badge8 silver badges14 bronze badges
16
Sometimes we're just too paranoid. It's quite possible the person isn't lying, and it WAS their phone number. It's also possible this is some form of fraud. If you were feeling nice I suppose you could offer to unlock whatever account they have for them instead of passing on the information directly. I don't really see what the harm is if you haven't set 2FA anywhere yourself, especially if you handle all resets. Then again, it's also possible it's someone ELSES phone number, and you'd be resetting a completely different person's account.
– Steve Sether
Jul 18 at 17:30
3
I actually texted someone with my old phone number asking for the code once. Unfortunately, they never replied to me, so I had to create a new account.
– Lucas Ramage
Jul 18 at 18:37
Possibly relevant. security.stackexchange.com/questions/182567/…
– JMac
Jul 19 at 0:42
9
"Naturally, I refused the request." -- In cases like this, it is often more appropriate to simply offer no response whatsoever. There is no guarantee that the number has been re-issued yet, or that it is to a device that can do SMS with a human... let them wonder.
– trognanders
Jul 19 at 19:17
@trognanders - If it were a disconnected conversation (text, email), absolutely, no response would be best. But the OP was on a phone call with the other person. Simply hanging up when asked to forward the information wouldn't improve anything, the caller already knows he's reached someone. Morever, if it's a truthful person at the other end, telling them you won't do it is useful and appropriate. If it's a scammer, at that point doesn't much matter whether you say no or just hang up, they'll still try again. :-)
– T.J. Crowder
Jul 20 at 13:09
|
show 3 more comments
16
Sometimes we're just too paranoid. It's quite possible the person isn't lying, and it WAS their phone number. It's also possible this is some form of fraud. If you were feeling nice I suppose you could offer to unlock whatever account they have for them instead of passing on the information directly. I don't really see what the harm is if you haven't set 2FA anywhere yourself, especially if you handle all resets. Then again, it's also possible it's someone ELSES phone number, and you'd be resetting a completely different person's account.
– Steve Sether
Jul 18 at 17:30
3
I actually texted someone with my old phone number asking for the code once. Unfortunately, they never replied to me, so I had to create a new account.
– Lucas Ramage
Jul 18 at 18:37
Possibly relevant. security.stackexchange.com/questions/182567/…
– JMac
Jul 19 at 0:42
9
"Naturally, I refused the request." -- In cases like this, it is often more appropriate to simply offer no response whatsoever. There is no guarantee that the number has been re-issued yet, or that it is to a device that can do SMS with a human... let them wonder.
– trognanders
Jul 19 at 19:17
@trognanders - If it were a disconnected conversation (text, email), absolutely, no response would be best. But the OP was on a phone call with the other person. Simply hanging up when asked to forward the information wouldn't improve anything, the caller already knows he's reached someone. Morever, if it's a truthful person at the other end, telling them you won't do it is useful and appropriate. If it's a scammer, at that point doesn't much matter whether you say no or just hang up, they'll still try again. :-)
– T.J. Crowder
Jul 20 at 13:09
16
16
Sometimes we're just too paranoid. It's quite possible the person isn't lying, and it WAS their phone number. It's also possible this is some form of fraud. If you were feeling nice I suppose you could offer to unlock whatever account they have for them instead of passing on the information directly. I don't really see what the harm is if you haven't set 2FA anywhere yourself, especially if you handle all resets. Then again, it's also possible it's someone ELSES phone number, and you'd be resetting a completely different person's account.
– Steve Sether
Jul 18 at 17:30
Sometimes we're just too paranoid. It's quite possible the person isn't lying, and it WAS their phone number. It's also possible this is some form of fraud. If you were feeling nice I suppose you could offer to unlock whatever account they have for them instead of passing on the information directly. I don't really see what the harm is if you haven't set 2FA anywhere yourself, especially if you handle all resets. Then again, it's also possible it's someone ELSES phone number, and you'd be resetting a completely different person's account.
– Steve Sether
Jul 18 at 17:30
3
3
I actually texted someone with my old phone number asking for the code once. Unfortunately, they never replied to me, so I had to create a new account.
– Lucas Ramage
Jul 18 at 18:37
I actually texted someone with my old phone number asking for the code once. Unfortunately, they never replied to me, so I had to create a new account.
– Lucas Ramage
Jul 18 at 18:37
Possibly relevant. security.stackexchange.com/questions/182567/…
– JMac
Jul 19 at 0:42
Possibly relevant. security.stackexchange.com/questions/182567/…
– JMac
Jul 19 at 0:42
9
9
"Naturally, I refused the request." -- In cases like this, it is often more appropriate to simply offer no response whatsoever. There is no guarantee that the number has been re-issued yet, or that it is to a device that can do SMS with a human... let them wonder.
– trognanders
Jul 19 at 19:17
"Naturally, I refused the request." -- In cases like this, it is often more appropriate to simply offer no response whatsoever. There is no guarantee that the number has been re-issued yet, or that it is to a device that can do SMS with a human... let them wonder.
– trognanders
Jul 19 at 19:17
@trognanders - If it were a disconnected conversation (text, email), absolutely, no response would be best. But the OP was on a phone call with the other person. Simply hanging up when asked to forward the information wouldn't improve anything, the caller already knows he's reached someone. Morever, if it's a truthful person at the other end, telling them you won't do it is useful and appropriate. If it's a scammer, at that point doesn't much matter whether you say no or just hang up, they'll still try again. :-)
– T.J. Crowder
Jul 20 at 13:09
@trognanders - If it were a disconnected conversation (text, email), absolutely, no response would be best. But the OP was on a phone call with the other person. Simply hanging up when asked to forward the information wouldn't improve anything, the caller already knows he's reached someone. Morever, if it's a truthful person at the other end, telling them you won't do it is useful and appropriate. If it's a scammer, at that point doesn't much matter whether you say no or just hang up, they'll still try again. :-)
– T.J. Crowder
Jul 20 at 13:09
|
show 3 more comments
2 Answers
2
active
oldest
votes
It's a known scam attempt. The caller probably compromised one of your accounts, and got stopped by the 2FA token sent to your phone. If you send them the token, your account is fully compromised. Or, as Nic pointed very well, may be the account of someone else.
What you do?
First: don't send them any code or token. That will prevent them for compromising your account.
Second: If your provider offers any alternatives, replace SMS as 2FA on every account you have with a more secure solution, like a hardware or software TOTP token. SMS is too insecure for that. 1 2 3 4
Third: change your passwords. If you don't have a password manager keeping different accounts for each service, install and setup one now. It will take time, but takes way less time than to recover from any mischief an attacker can do with your online services. While you are changing passwords and storing them on your password manager, switch the 2FA from SMS to TOTP to have a safer 2FA.
Don't trust your brain to pick passwords. They are guessable, and a computer can try billions of combinations per second. Any password manager, no matter how primitive, is better than us at creating password.
edited Jul 20 at 18:16
atk
2,05211 silver badges14 bronze badges
answered Jul 18 at 16:23
ThoriumBRThoriumBR
28.8k8 gold badges69 silver badges89 bronze badges
Comments are not for extended discussion; this conversation has been moved to chat.
– Rory Alsop♦
Jul 21 at 21:20
If they were a bad actor, and they were hard core, they just would have had your number slammed to their SIM. If they have lost access to their bank, bitcoin, paypal account, there are other ways a genuine owner can go? This is why you need a second number for 2FA if a number is required.
– mckenzm
Jul 22 at 0:07
add a comment
|
This is probably a attempt to gain access to the account that sent the code this is a common method of bypassing 2FA it works by once a message is sent with the code a attacker will text you and say that it is there old phone number and they need the code this might be someone who actually needs the code however more likely it is a attacker trying to gain access to your account
answered Jul 22 at 0:19
SamathaSamatha
366 bronze badges
add a comment
|
Your Answer
StackExchange.ready(function()
var channelOptions =
tags: "".split(" "),
id: "162"
;
initTagRenderer("".split(" "), "".split(" "), channelOptions);
StackExchange.using("externalEditor", function()
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled)
StackExchange.using("snippets", function()
createEditor();
);
else
createEditor();
);
function createEditor()
StackExchange.prepareEditor(
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: false,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: null,
bindNavPrevention: true,
postfix: "",
imageUploader:
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/4.0/"u003ecc by-sa 4.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
,
noCode: true, onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
);
);
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsecurity.stackexchange.com%2fquestions%2f213716%2fthis-used-to-be-my-phone-number%23new-answer', 'question_page');
);
Post as a guest
Required, but never shown
2 Answers
2
active
oldest
votes
2 Answers
2
active
oldest
votes
active
oldest
votes
active
oldest
votes
It's a known scam attempt. The caller probably compromised one of your accounts, and got stopped by the 2FA token sent to your phone. If you send them the token, your account is fully compromised. Or, as Nic pointed very well, may be the account of someone else.
What you do?
First: don't send them any code or token. That will prevent them for compromising your account.
Second: If your provider offers any alternatives, replace SMS as 2FA on every account you have with a more secure solution, like a hardware or software TOTP token. SMS is too insecure for that. 1 2 3 4
Third: change your passwords. If you don't have a password manager keeping different accounts for each service, install and setup one now. It will take time, but takes way less time than to recover from any mischief an attacker can do with your online services. While you are changing passwords and storing them on your password manager, switch the 2FA from SMS to TOTP to have a safer 2FA.
Don't trust your brain to pick passwords. They are guessable, and a computer can try billions of combinations per second. Any password manager, no matter how primitive, is better than us at creating password.
edited Jul 20 at 18:16
atk
2,05211 silver badges14 bronze badges
answered Jul 18 at 16:23
ThoriumBRThoriumBR
28.8k8 gold badges69 silver badges89 bronze badges
Comments are not for extended discussion; this conversation has been moved to chat.
– Rory Alsop♦
Jul 21 at 21:20
If they were a bad actor, and they were hard core, they just would have had your number slammed to their SIM. If they have lost access to their bank, bitcoin, paypal account, there are other ways a genuine owner can go? This is why you need a second number for 2FA if a number is required.
– mckenzm
Jul 22 at 0:07
add a comment
|
It's a known scam attempt. The caller probably compromised one of your accounts, and got stopped by the 2FA token sent to your phone. If you send them the token, your account is fully compromised. Or, as Nic pointed very well, may be the account of someone else.
What you do?
First: don't send them any code or token. That will prevent them for compromising your account.
Second: If your provider offers any alternatives, replace SMS as 2FA on every account you have with a more secure solution, like a hardware or software TOTP token. SMS is too insecure for that. 1 2 3 4
Third: change your passwords. If you don't have a password manager keeping different accounts for each service, install and setup one now. It will take time, but takes way less time than to recover from any mischief an attacker can do with your online services. While you are changing passwords and storing them on your password manager, switch the 2FA from SMS to TOTP to have a safer 2FA.
Don't trust your brain to pick passwords. They are guessable, and a computer can try billions of combinations per second. Any password manager, no matter how primitive, is better than us at creating password.
edited Jul 20 at 18:16
atk
2,05211 silver badges14 bronze badges
answered Jul 18 at 16:23
ThoriumBRThoriumBR
28.8k8 gold badges69 silver badges89 bronze badges
Comments are not for extended discussion; this conversation has been moved to chat.
– Rory Alsop♦
Jul 21 at 21:20
If they were a bad actor, and they were hard core, they just would have had your number slammed to their SIM. If they have lost access to their bank, bitcoin, paypal account, there are other ways a genuine owner can go? This is why you need a second number for 2FA if a number is required.
– mckenzm
Jul 22 at 0:07
add a comment
|
It's a known scam attempt. The caller probably compromised one of your accounts, and got stopped by the 2FA token sent to your phone. If you send them the token, your account is fully compromised. Or, as Nic pointed very well, may be the account of someone else.
What you do?
First: don't send them any code or token. That will prevent them for compromising your account.
Second: If your provider offers any alternatives, replace SMS as 2FA on every account you have with a more secure solution, like a hardware or software TOTP token. SMS is too insecure for that. 1 2 3 4
Third: change your passwords. If you don't have a password manager keeping different accounts for each service, install and setup one now. It will take time, but takes way less time than to recover from any mischief an attacker can do with your online services. While you are changing passwords and storing them on your password manager, switch the 2FA from SMS to TOTP to have a safer 2FA.
Don't trust your brain to pick passwords. They are guessable, and a computer can try billions of combinations per second. Any password manager, no matter how primitive, is better than us at creating password.
edited Jul 20 at 18:16
atk
2,05211 silver badges14 bronze badges
answered Jul 18 at 16:23
ThoriumBRThoriumBR
28.8k8 gold badges69 silver badges89 bronze badges
It's a known scam attempt. The caller probably compromised one of your accounts, and got stopped by the 2FA token sent to your phone. If you send them the token, your account is fully compromised. Or, as Nic pointed very well, may be the account of someone else.
What you do?
First: don't send them any code or token. That will prevent them for compromising your account.
Second: If your provider offers any alternatives, replace SMS as 2FA on every account you have with a more secure solution, like a hardware or software TOTP token. SMS is too insecure for that. 1 2 3 4
Third: change your passwords. If you don't have a password manager keeping different accounts for each service, install and setup one now. It will take time, but takes way less time than to recover from any mischief an attacker can do with your online services. While you are changing passwords and storing them on your password manager, switch the 2FA from SMS to TOTP to have a safer 2FA.
Don't trust your brain to pick passwords. They are guessable, and a computer can try billions of combinations per second. Any password manager, no matter how primitive, is better than us at creating password.
edited Jul 20 at 18:16
atk
2,05211 silver badges14 bronze badges
answered Jul 18 at 16:23
ThoriumBRThoriumBR
28.8k8 gold badges69 silver badges89 bronze badges
edited Jul 20 at 18:16
atk
2,05211 silver badges14 bronze badges
edited Jul 20 at 18:16
atk
2,05211 silver badges14 bronze badges
edited Jul 20 at 18:16
atk
2,05211 silver badges14 bronze badges
2,05211 silver badges14 bronze badges
answered Jul 18 at 16:23
ThoriumBRThoriumBR
28.8k8 gold badges69 silver badges89 bronze badges
answered Jul 18 at 16:23
ThoriumBRThoriumBR
28.8k8 gold badges69 silver badges89 bronze badges
answered Jul 18 at 16:23
ThoriumBRThoriumBR
28.8k8 gold badges69 silver badges89 bronze badges
28.8k8 gold badges69 silver badges89 bronze badges
Comments are not for extended discussion; this conversation has been moved to chat.
– Rory Alsop♦
Jul 21 at 21:20
If they were a bad actor, and they were hard core, they just would have had your number slammed to their SIM. If they have lost access to their bank, bitcoin, paypal account, there are other ways a genuine owner can go? This is why you need a second number for 2FA if a number is required.
– mckenzm
Jul 22 at 0:07
add a comment
|
Comments are not for extended discussion; this conversation has been moved to chat.
– Rory Alsop♦
Jul 21 at 21:20
If they were a bad actor, and they were hard core, they just would have had your number slammed to their SIM. If they have lost access to their bank, bitcoin, paypal account, there are other ways a genuine owner can go? This is why you need a second number for 2FA if a number is required.
– mckenzm
Jul 22 at 0:07
Comments are not for extended discussion; this conversation has been moved to chat.
– Rory Alsop♦
Jul 21 at 21:20
Comments are not for extended discussion; this conversation has been moved to chat.
– Rory Alsop♦
Jul 21 at 21:20
If they were a bad actor, and they were hard core, they just would have had your number slammed to their SIM. If they have lost access to their bank, bitcoin, paypal account, there are other ways a genuine owner can go? This is why you need a second number for 2FA if a number is required.
– mckenzm
Jul 22 at 0:07
If they were a bad actor, and they were hard core, they just would have had your number slammed to their SIM. If they have lost access to their bank, bitcoin, paypal account, there are other ways a genuine owner can go? This is why you need a second number for 2FA if a number is required.
– mckenzm
Jul 22 at 0:07
add a comment
|
This is probably a attempt to gain access to the account that sent the code this is a common method of bypassing 2FA it works by once a message is sent with the code a attacker will text you and say that it is there old phone number and they need the code this might be someone who actually needs the code however more likely it is a attacker trying to gain access to your account
answered Jul 22 at 0:19
SamathaSamatha
366 bronze badges
add a comment
|
This is probably a attempt to gain access to the account that sent the code this is a common method of bypassing 2FA it works by once a message is sent with the code a attacker will text you and say that it is there old phone number and they need the code this might be someone who actually needs the code however more likely it is a attacker trying to gain access to your account
answered Jul 22 at 0:19
SamathaSamatha
366 bronze badges
add a comment
|
This is probably a attempt to gain access to the account that sent the code this is a common method of bypassing 2FA it works by once a message is sent with the code a attacker will text you and say that it is there old phone number and they need the code this might be someone who actually needs the code however more likely it is a attacker trying to gain access to your account
answered Jul 22 at 0:19
SamathaSamatha
366 bronze badges
This is probably a attempt to gain access to the account that sent the code this is a common method of bypassing 2FA it works by once a message is sent with the code a attacker will text you and say that it is there old phone number and they need the code this might be someone who actually needs the code however more likely it is a attacker trying to gain access to your account
answered Jul 22 at 0:19
SamathaSamatha
366 bronze badges
answered Jul 22 at 0:19
SamathaSamatha
366 bronze badges
answered Jul 22 at 0:19
SamathaSamatha
366 bronze badges
answered Jul 22 at 0:19
SamathaSamatha
366 bronze badges
366 bronze badges
add a comment
|
add a comment
|
Thanks for contributing an answer to Information Security Stack Exchange!
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsecurity.stackexchange.com%2fquestions%2f213716%2fthis-used-to-be-my-phone-number%23new-answer', 'question_page');
);
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
16
Sometimes we're just too paranoid. It's quite possible the person isn't lying, and it WAS their phone number. It's also possible this is some form of fraud. If you were feeling nice I suppose you could offer to unlock whatever account they have for them instead of passing on the information directly. I don't really see what the harm is if you haven't set 2FA anywhere yourself, especially if you handle all resets. Then again, it's also possible it's someone ELSES phone number, and you'd be resetting a completely different person's account.
– Steve Sether
Jul 18 at 17:30
3
I actually texted someone with my old phone number asking for the code once. Unfortunately, they never replied to me, so I had to create a new account.
– Lucas Ramage
Jul 18 at 18:37
Possibly relevant. security.stackexchange.com/questions/182567/…
– JMac
Jul 19 at 0:42
9
"Naturally, I refused the request." -- In cases like this, it is often more appropriate to simply offer no response whatsoever. There is no guarantee that the number has been re-issued yet, or that it is to a device that can do SMS with a human... let them wonder.
– trognanders
Jul 19 at 19:17
@trognanders - If it were a disconnected conversation (text, email), absolutely, no response would be best. But the OP was on a phone call with the other person. Simply hanging up when asked to forward the information wouldn't improve anything, the caller already knows he's reached someone. Morever, if it's a truthful person at the other end, telling them you won't do it is useful and appropriate. If it's a scammer, at that point doesn't much matter whether you say no or just hang up, they'll still try again. :-)
– T.J. Crowder
Jul 20 at 13:09