Even after Twitter dropped SMS 2FA, someone still tried to hack my account via text. - The Verge

Posted Mar 31, 2023, 1:23 AM UTC

R

Richard Lawler Mar 31

Even after Twitter dropped SMS 2FA, someone still tried to hack my account via text.

Someone initiated a password reset request on my account (I prefer Mastodon these days) and then sent this message to try to get me to text them the verification code I received from Twitter. Don’t they know Twitter already cut off SMS 2FA for non-Blue subscribers?

(FYI - you should use another form of two-factor authentication on your account, and you should never, ever resend a verification code via text — unless you think you can get a good story out of it.)

2FA phishing message reading - Twitter: We have noticed an unusual Login attempt from Dallas, Texas to your Twitter Account (@rjcc). We have sent you an 8 Character Confirmation Code to the E-mail Address connected to your Twitter Account (************@*****.***). Reply with the 8 Character Confirmation Code to block this login and set-up a new passcode. Reply with “YES” to authorize this login attempt.

The fake Twitter message trying to phish my verification code.

Image: Richard Lawler

Read More From:

Share: