Why did I get a verification code I didn't request?
Someone is trying to log into your account or reset your password. Do not share the code with anyone — this is how account takeovers happen.
Last reviewed: 1 June 2026
Explanation
A one-time verification code you didn't request usually means someone is trying to access one of your accounts. They may have obtained your username and password from a data breach and now need only the code to complete login. In many scams, this is followed almost immediately by a call or message claiming to be your bank, a platform's support team, or even a friend — asking you to read back the code.
Sharing the code hands over full access to your account. No legitimate organisation will ever call you to ask for a code that was just sent to your phone. The code is a security check for you, not for the caller.
Common red flags
- A code arrives without you requesting it
- Immediately followed by a call or message asking you to read it out
- The caller claims to be verifying your account for security reasons
- Urgency — 'your account will be locked if you don't share the code'
- The caller already knows some of your personal details
What to do now
- Do not share the code with anyone
- Change the password for the account the code was sent for
- Enable two-factor authentication if it isn't already on
- Check your account for any recent login activity or changes
- Report to the platform and your national fraud service if you believe an attempt was made
Frequently asked questions
What if I already shared the code?
Act immediately: change your password for that account, sign out all other sessions if the platform allows it, and contact support. If the account is linked to banking or email, secure those too.
Could it be a mistake — someone typing their number wrong?
It's possible, but the risk of sharing the code is high and the downside of not sharing it is zero. Never share the code regardless of the explanation.