When you log into your bank or credit card account, you might get a text message or email with a verification code. You then enter it at the login screen to confirm it’s really you. That’s a form of two-factor authentication that adds a layer of security to your account — and keeps would-be scammers and hackers out.
Your account password and a verification code work together, like the lock on your doorknob and a deadbolt lock. If you unlock the doorknob but not the deadbolt, you can’t get in. Likewise, if you know the account password but not the verification code, you can’t get in.
The same goes for scammers trying to get into your account. To break into your account, scammers need both keys. That’s why they try to trick you into sharing your verification code.
Scammers pretend to be someone you can trust, and say they’ve discovered a problem with one of your accounts — or that someone’s using your identity. They may know some things about you and sound very convincing. They may even be very sympathetic to your problem: offering to help you set things right … and then asking for your verification code to get into your account.
If you give them the code, they can log into your account and transfer all the money out of your savings or investment accounts.
Never give your verification code to someone else. It’s only for you to log into your account. Anyone who asks you for your account verification code is a scammer.
If someone asks you for your verification code, don’t engage. Hang up. Block their number. Stop texting them. Then report them to the FTC at ReportFraud.ftc.gov.
If you’re worried there's a problem with your account, contact your bank, credit union, or investment advisor directly. Use a number you trust, like the one on your statement or in your app. Never use the number the caller gave you; it’ll take you to the scammer.