Someone claiming to be from benefits support asked me to read them a code that was just texted to my phone - is this safe?
No - never read out a verification code to anyone who calls you, since this is almost always an attempt to break into your account, not a legitimate verification step.
Last reviewed: 5 July 2026
Explanation
This scam works by the caller first attempting to log into your real benefits account (or a related account like email or banking) using personal details they've already gathered, which triggers a genuine one-time verification code to be sent to your phone by the real system. The caller, posing as agency support staff, then calls you and asks you to read out the code you just received, claiming it's needed to 'verify your identity' or complete a support request you never actually initiated.
In reality, the code was generated because the scammer was actively trying to access your account at that moment, and reading it out to them hands over the exact piece of information needed to complete the takeover. A genuine agency support call would never need you to read out a one-time code that was sent to confirm a login or action you did not initiate, because the code exists specifically to prevent someone other than you from completing that action.
If you receive an unexpected verification code you didn't request, do not share it with anyone, including someone claiming to be support staff on a call. Instead, treat the unsolicited code itself as a sign that someone is trying to access your account, and change your password immediately from a device you trust.
Common red flags
- You receive a verification code you did not request just before or during an unexpected call
- Caller asks you to read the code back to them over the phone
- Claims the code is needed to 'verify your identity' for a request you didn't initiate
- Creates urgency to get the code from you quickly
- Caller ID may show a plausible-looking number due to spoofing
- Follows up quickly if you hesitate, increasing pressure
What to do now
- Never share a one-time verification code with anyone who calls you
- Treat an unrequested code as a sign someone is trying to access your account right now
- Change your password immediately from a trusted device if you receive an unexpected code
- Hang up on any caller asking you to read out a code
- Enable additional security features like login alerts if your account supports them
- Report the incident to the agency and your account provider
Frequently asked questions
Why would the code be real if the caller is a scammer?
The scammer triggers the real code by attempting to log into your genuine account; the code itself is legitimate, but sharing it lets them complete the login as if it were you.
What should I do immediately if I already read out the code?
Change your password right away from a trusted device and check your account for any unauthorized changes, then contact the provider's fraud team.