The Verification Code scam

Today we’re talking about a scam that’s making the rounds. A lot of people aren’t aware of how it works, or even that it IS a scam, but it can cause you some headaches if you fall for it.

Google Verification code


We’ve all become pretty accustomed to verification codes. If a company or website needs to verify your identity, they will commonly send a text message with a 6-digit verification code, which you then need to enter on the website to prove that you are the person you say you are. (Really, it just proves that you have access to that person’s phone, but usually that’s good enough).

But now, the scammers are using the verification code process for their own nefarious purposes. Specifically, they want to create new online accounts, such as a Craigslist account, using YOUR phone number.

When a scammer does this, there are basically two main steps to the process.

Step One – start creating the Craigslist account

The scammer will go to the Craigslist site and start the process of creating a new account. Of course, he only wants to use this account to scam people. Craigslist knows that this is very common, so it requires any new account to have a phone number, and it has to VERIFY that phone number.

So the scammer gets most of the way into the process of creating the new account, right up to where Craigslist is asking for the phone number. That’s where he pauses for a minute.

Step Two – hijacking your phone number

The most common victim for this scam is someone who is selling something on Craigslist, and includes their phone number in the contact info.

The scammer sends you a text message saying, “Hey I want to buy your ____ ” (whatever you’re selling).

You respond, but then he comes back and says “There’s a lot of scammers on Craigslist these days. I’d like to verify you first. I just sent a code on your phone. Reply to this text and tell me the code, to prove you’re a real person!”

But of course, the code that got sent didn’t really come from him. It came from Craigslist, because he used YOUR phone number to verify his new account. When you send him the code, he enters it on his Craigslist account application, and this “confirms” to Craigslist that he owns that phone number, even though he doesn’t own it – you own it.

At this point, your phone number is associated with the scammer’s new account. This means that he can now post ads on Craigslist for the next 90 days without any further verification. Any spam or illegal activities done on that account will be connected to your phone number. And that also means if you try to register for your OWN account on Craigslist, you probably won’t be able to do so, since your phone number has a bad history.

This process can also be used with Google, and that means the scammer can use your phone number to get their own Google Voice number, so they can make phone calls and send text messages to scam other people.

In the worst cases, illegal activity done on these fake/scam accounts might involve law enforcement investigating who is responsible. Don’t put yourself in the position of having to explain why your phone number is the “verified” number on a scammer’s account.

Bottom line: don’t give any verification code to anyone.

