One-Time Code Scam

A one-time code scam happens when someone tricks you into sharing a code sent by text, email, authenticator app, bank app, shopping app, or social media account. The code may approve a login, password reset, money transfer, new device, or account recovery. The safest rule is simple: if someone asks you to read, forward, screenshot, or type a code for them, stop. The code is meant for you only. The FTC warns that anyone asking for your verification code is a scammer, and that rule is a strong beginner habit.

• A one-time code is a temporary key for logging in or confirming an action.
• A scammer may already have your password and only needs the code.
• They may pretend to be a bank, buyer, friend, support worker, or family member.
• AI-written messages can make the request sound calm and believable.
• Never share the code with another person, even if the story sounds harmless.

A one-time code is like a temporary key. It may last only a few minutes, but during that time it can let someone pass a security check. The scam often begins before you see the code. The scammer may enter your email, phone number, or username on a login page. Then the real service sends a real code to you. The scammer contacts you and invents a reason you should share it.

The request may sound innocent: “I sent a code to you by mistake,” “I need to verify you are the seller,” “I am from support,” or “Your account is being protected.” The danger is that the code may give access to your account, not theirs. The FTC’s consumer alert says verification codes are only for you to log into your account and should not be shared with someone else: FTC verification code warning.

AI can help you write a safe refusal, understand the scammer’s story, and prepare next steps. It should not receive the actual code, password, recovery phrase, or private account details. A safe AI task is: “Write a short message saying I cannot share verification codes.” Another safe task is: “Make a checklist for securing my account after a suspicious code request.”

1. Do not share the code, screenshot, or notification.
2. Stop the conversation if the person keeps pressuring you.
3. Open the account app or website directly, not through their link.
4. Change the password if you think they may know it.
5. Turn on stronger multi-factor authentication where available, such as an authenticator app or passkey.
6. Check account recovery email, phone number, and recent login activity.
7. Report the scam through the platform, bank, or consumer-protection authority.

Buyer scam: A buyer says they need a code to prove you are not fake. The code may let them register your number or enter your account.

Bank scam: A caller says fraud is happening and asks you to read the code for cancellation. The code may approve the fraud.

Friend scam: A hacked friend account asks for a code to recover their account. The code may actually be for your account.

It is a trick where someone asks for a temporary login or verification code that belongs only to you. The scammer may use the code to enter an account, reset a password, link a device, move a phone number, or approve a transaction.

No. An unexpected code can mean someone is trying to log in, reset a password, or test your account. Do not share it. Open the account directly and check security settings if you are worried.

A code is not a customer-service number and not proof that a caller is real. It is a key. If another person asks for it, the conversation should stop until a trusted person or official channel is involved.

Security settings differ by account. Check the official help pages for your bank, email provider, phone carrier, social platform, or shopping account. For general phishing advice, CISA’s guidance on recognizing and reporting phishing is useful: CISA phishing guidance.

A one-time code is a key, not a conversation detail. Keep it private, verify through official channels, and act quickly if you shared it. When in doubt, the safest answer is: “I cannot share verification codes.”