Two-Factor Authentication (2FA)

An extra security step beyond your password, such as a code or app approval.

How it appears in scam messages

Because two-factor authentication blocks most account takeovers, scams increasingly focus on defeating it — by tricking you into reading out a one-time code, approving a login prompt you didn't start, or sending you to a fake login page that captures your password and the code together. Knowing this helps you spot the moment a scam needs its 'final step'. App-based or hardware 2FA is harder to phish than SMS codes.

Example only - do not act on it

Example only: We've sent a login approval to your phone — tap 'Yes, it's me' so we can verify your account.

Why it matters

2FA blocks many takeovers even if your password leaks.

Common red flags

Anyone asking for a 2FA or one-time code
A login-approval prompt you did not trigger
A page asking for your password and code together
Pressure to approve or share the code quickly

Safe next steps

Stop and verify through official channels you find yourself
Never share codes, passwords, or card details from a message
Use the message checker if you are unsure
Report and block the sender

Check a suspicious message

See the red flags in a real message and what to do next.

Check a message

OTP scamA scam focused on getting the one-time passcode that protects your account or approves a payment.Account takeoverWhen a scammer gains control of one of your accounts, often using a stolen password plus a tricked one-time code.

Related scam messages you can check

Related scam-type hubs

Related red flags

Emergency guides

Frequently asked questions

How can I avoid two-factor authentication (2fa)?

Slow down, never act on urgency, and verify through official apps or websites you open yourself. Use the free checker if a message seems off.

What if I have already been affected?

Contact your bank or the relevant provider through official channels, change any exposed passwords from a trusted device, and save evidence. See our recovery guides.