Skip to main content
Even after Twitter dropped SMS 2FA, someone still tried to hack my account via text.

Someone initiated a password reset request on my account (I prefer Mastodon these days) and then sent this message to try to get me to text them the verification code I received from Twitter. Don’t they know Twitter already cut off SMS 2FA for non-Blue subscribers?

(FYI - you should use another form of two-factor authentication on your account, and you should never, ever resend a verification code via text — unless you think you can get a good story out of it.)

2FA phishing message reading - Twitter: We have noticed an unusual Login attempt from Dallas, Texas to your Twitter Account (@rjcc). We have sent you an 8 Character Confirmation Code to the E-mail Address connected to your Twitter Account (************@*****.***). Reply with the 8 Character Confirmation Code to block this login and set-up a new passcode. Reply with “YES” to authorize this login attempt.
The fake Twitter message trying to phish my verification code.
Image: Richard Lawler