2FA Suspecious SMS

[hackerspark]

Select Topic Area

Question

Body

When I try to use the "Forgot Password" feature and use the "Send a code via SMS" option for the 2FA code, I receive the code from varying phone numbers and suspicious text content. Eg:

• Phone no. : 08527519115
• SMS: 254781 is your verification CO'DE. Don't share your CO'DE with anyone.

---

• Phone no. : 09821713335
• SMS: 852237 gIThUb .

---

• Phone no. : 09173441930
• SMS: Your verification CO'DE is 029074. Please don't share with anyone else

---

• Phone no. : 09266034047
• SMS: 625770 gIThUb .

---

• Phone no. : 09773990152
• SMS: 052010 gIThUb .

---

• Phone no. : 57575711
• SMS: 370196 is your GitHub authentication code.

---

• Phone no. : 07428984530
• SMS: OUR O'TP CO'DE IS 063164. It is valid for 1 minutes.

---

Can anyone help confirm if these are the numbers used by GitHub for 2FA SMS and if the SMS content is legitimate?

[adhammenesy]

Hi,

GitHub does not guarantee a fixed sender number for 2FA SMS messages. Depending on your mobile carrier and region, the verification code may come from different numbers, shortcodes, or even masked numbers.

The important points to verify legitimacy are:

1. The SMS contains a one-time code for GitHub authentication.
2. It never asks for your password or any other sensitive information.
3. The code is valid for a short period (usually a few minutes).

The variations you see in the phone numbers and slight differences in text formatting can be normal due to carrier routing or regional SMS gateways. However, never share your 2FA code with anyone, and only enter it on the official GitHub site.

For extra safety:

• Enable Authenticator App (TOTP) 2FA, which is more secure than SMS.
• Contact [GitHub Support](https://support.github.com/) if you suspect suspicious activity.

[hoesknowhoes]

what is a masked number?