Scam Warning Involving Your Phone

  • Thread starter Thread starter Drakkith
  • Start date Start date
Click For Summary

Discussion Overview

The discussion revolves around a personal experience with a phone scam involving verification codes, particularly in the context of online classifieds like Craigslist. Participants share insights on the nature of such scams, security practices, and personal anecdotes related to online safety.

Discussion Character

  • Exploratory
  • Technical explanation
  • Debate/contested
  • Meta-discussion

Main Points Raised

  • One participant describes a scam where they received a verification code from someone claiming to verify a Craigslist ad, leading to concerns about potential unauthorized access to their Google Voice account.
  • Another participant mentions that the verification code could also relate to a Google account, suggesting possible access to financial information.
  • A participant emphasizes the importance of changing passwords as a precaution against potential security breaches.
  • One contributor shares a historical anecdote about a security breach at GE, highlighting the importance of following security practices.
  • Several participants agree on the principle of never sharing verification codes with unknown individuals, stressing the inherent risks involved.
  • Another participant questions the logic behind needing a verification code to confirm the authenticity of an ad, suggesting that genuine interest in the item should suffice.
  • One participant notes their frequent encounters with dubious investment opportunities, drawing a parallel to the discussed scam.

Areas of Agreement / Disagreement

Participants generally agree on the risks associated with sharing verification codes and the need for caution. However, there are varying perspectives on the specifics of the scam and its implications for personal security.

Contextual Notes

Some participants express uncertainty about the extent of potential damage from the scam, and there are differing views on the security measures that should be taken in response.

Drakkith
Mentor
Messages
23,205
Reaction score
7,687
Beware, all. I almost fell for a scam today. Well, to be fair, I fell for it but quickly realized what happened and managed to fix it before anything bad happened.

I posted a Craigslist ad for some random odds and ends that I was giving away, with my phone number for the contact info. A few hours later I received a text message from someone saying they were interested in my ad. They said that they wanted to make sure the ad was real and not fake, so they were sending me a 'verification code'. This should have been a red flag already, but I was in the midst of something so I just gave them the code (received in a separate text).

Then they asked for another code, which I gave again. After the 2nd code something clicked and I said to myself, "Hmm... wait a second...".
After actually reading the text messages with the codes, I realized that the messages were from Google Voice. That's when I stopped what I was doing and started doing some research on this. I quickly came across this kind of scam, where someone will send you a verification code to 'verify your ad is real' and then use that code to make a google voice account with your phone number (presumably for nefarious purposes).

Soon after I started researching this, I also received a message from Verizon (my carrier) with a verification code. I shudder to think what they could have done if they had gotten access to my Verizon account.

Luckily all I had to do at this point was to create my own Google Voice account and connect my phone number to it, since connecting your number automatically removes it from any other account it was linked to (like the scam account).

Long story short, I managed to catch this scam before it did any real harm to me. I'm not sure what kind of damage could have been done had I not quickly caught on to the scam, but I suspect it wouldn't have been fun to fix. Or cheap.

Be safe out there folks!
 
  • Like
Likes   Reactions: davenn, DennisN, nuuskur and 4 others
Computer science news on Phys.org
Update: A friend of mine told me that the verification code was for a Google account, not just a Google Voice account, and that through there they might have access to financial information. He recommended I change my password to that as well.

I'm pretty sure I don't have any financial information attached to my Google account, but I've changed my password to both Google and Verizon just in case.
 
Never hurts to change all your passwords as you never know what they may find and how they will come at you again.

Years ago at GE, a corporate auditor who had worked at our computer center as a production operator (ie setup and submitted scheduled jobs for clients) used his knowledge of accounts and passwords to access our customer service user acct. On it, was a file of all passwords used on the site. It was a reference for when a GE customer would call and say they forgot their password. This was circa 1976 before the idea of never showing passwords but instead, select a new one that was subsequently hashed and stored.

The auditor found this unprotected file, reported it and got a lot of kudos from the audit team for finding a security breach and our customer service folks who worked hard got egg on their faces. All because at that time we didn't have or follow any recommended security practices as things were just too new. To be fair the auditor used insider knowledge to break in but that's now a thing to watch.

GE auditors would usually go on to become corporate-level managers of whole GE divisions after having traveled around to many GE sites doing their audit work. Basically, they gave up their life for a few years to reap the benefits of becoming a corporate manager in high esteem.
 
  • Like
Likes   Reactions: Drakkith
As a rule of thumb, never share any such verification code with someone whom you do not know personally.
 
  • Like
Likes   Reactions: Drakkith
Wrichik Basu said:
As a rule of thumb, never share any such verification code with someone whom you do not know personally.

Or anyone really. Unless there's a very, very good reason they need it.
 
  • Like
Likes   Reactions: Wrichik Basu
That verification jazz is suspicious from the get go. I'd be like how does one verify whether my ad is real or not based on some code. If they're interested in the merchandise, no code will verify whether I actually have the goods.

Good job catching on to that. Haven't run into that kind of scam, but I've been offered "once in a lifetime" investment opportunities at least twice a month.
 
  • Like
Likes   Reactions: Drakkith

Similar threads

Text from scammer originating from email address rather than phone
  • · Replies 8 ·
Replies
8
Views
2K
How can I receive security codes overseas without a traditional phone number?
  • · Replies 2 ·
Replies
2
Views
1K
Reminders that scammers and hackers are clever
  • · Replies 6 ·
Replies
6
Views
2K
Back Up Phone Data: Solutions & Tips
  • · Replies 23 ·
Replies
23
Views
3K
Android: Delivered & Read Messages
  • · Replies 1 ·
Replies
1
Views
3K
The phone company has computers doing its customer service
  • · Replies 18 ·
Replies
18
Views
2K
Cold-call scammers, "Your Windows computer is infected"
  • · Replies 23 ·
Replies
23
Views
3K
A historical look at decrypting the Enigma
  • · Replies 52 ·
2
Replies
52
Views
6K
Current and Future AI Threats to Humanity and the Human Response
  • · Replies 10 ·
Replies
10
Views
5K
FB Friend Suggestion: Privacy Violation or Digital Age Necessity?
  • · Replies 36 ·
2
Replies
36
Views
10K