I had someone contact me on Facebook Marketplace. We agreed upon a time/price and then they asked for my phone number (which I sadly gave them). Then they said "I'm going to text you a code, so I can verify you are legit". The text I got was from Google Voice's 2FA...
This is a very common scam. AFAIK it’s a way to create a new Google Voice account (linked to your phone number) with the goal of using that account for other scams so that they can’t be tracked.
I fell for it, but since I already had a Google Voice account linked to that phone number, it didn’t work for the scammer. But he didn’t realize that it didn’t work.
I quickly realized that something wasn’t right (and Googled the mechanics of the scam) and then was able to waste his time for another 30min.
The reason I fell for it was because they use a text message from Google in some African language, so I didn’t immediately realize what was going on. Still dumb to not pay more attention…
But it taught me to not list my phone number in the open on Craigslist.
I get these texts periodically. I feed them fake codes and waste as much of their time as possible.
When they figure it out, I receive threats ranging from reporting me to the authorities all the way up to killing me and raping my family.
I then point out exactly how their scam works, and that they are either criminals directly or working for them as patsies. At this point, they usually stop responding.
If they don’t, then I take the chance to vent some of my own vitriol at them. It’s usually therapeutic, but it’s always fun.
I have accumulated a lot of hobbies over the years, and I count this among them.
I used to get some tech support scams but I think either that scam is dwindling or I've got blacklisted somehow.
Those "3rd line specialists" can get really angry when they realize the unsecure but rich old man they are talking to is far beyond them in tech and has been having fun and recording them ;-)
How would someone use that code to hack into my GV account? Wouldn't they also need to know my password or have access to my e-mail account to log in or to reset my password?
Because OP specifically mentioned Google Voice, my guess is that it was a phone number "ownership" code, rather than a 2FA code per se.
The attacker was probably trying to create a new Google Voice account forwarding to OP's phone number. They could then use the new GV account as its own "legitimate" phone number in order to engage in other scams.
(Alternatively, OP's password might have already been compromised, and this was the last stage of a targeted attack by someone trying to get into their account.)
I don’t use GV, but presumably if they can make Google send you an auth SMS then they have already input your password. I’m guessing it was leaked in some big password leak, and not phished at an earlier time.
This happened to me the other day for an item I was selling. At the first mention of a “code”, I told them first come first served and I have other people interested. That ended the conversation.