Why you never give a texted confirmation code to someone
You may have seen the fairly common Facebook / CL marketplace scams where someone “just wants to verify you’re not a bot” and asks for your phone number and you to give them a code you receive. All presented as a quick and easy way to prove you’re human to a seller or buyer who’s been dealing with bots and scams all day. You heard it’s a scam but what did you actually do?
TL;DR – they’re going to create an account or access something with a verified (by you) phone number.
Basically you gave them a number, they registered an account somewhere, and that account is now verified with your phone number. This allows them access to websites with protection, and when they do something illegal the police are going to have your number and potentially address as the people to come and talk to.
In one case it allowed a scammer spoofing a bank’s phone number to drain the account of someone who didn’t suspect fraud as it was the bank, they had some information, and the person on the other line “just needed to verify the owner of the phone was actually the person they were talking to.”
Anyway, never give someone a text based authentication code for anything. It just proves to *something* that they own your phone. If it’s your bank calling, you call them and never give a person any identifying information who calls you. If you’re pretty sure it’s legit, still don’t do it.
