Before you respond
What to do if you gave a scammer a code
Learn what to do if you gave a scammer a one-time code, including changing passwords, checking devices, contacting support, and securing accounts.
Reviewed June 10, 2026
Quick answer
If you gave a scammer a one-time code, treat the affected account as at risk.
Go to the real app or website, change the password, remove unfamiliar devices, and contact support if you cannot get in.
At a glance
A verification code scam tricks you into sharing a one-time login or setup code that can let someone access or create an account.
- A stranger asks you to read back a code.
- The code message says not to share it.
- The request is tied to a sale, bank alert, prize, or account problem.
Secure the affected account from the real app or website and contact support if the scammer changed access.
Why one-time codes should be treated like passwords
A one-time code can unlock an account, approve a login, reset a password, or connect a phone number to a service. Scammers ask for codes because they cannot complete the action without your help.
The safest response is fast account cleanup. Change the password, check recovery email and phone settings, sign out other devices, and contact the real company if you cannot regain access. If money or banking was involved, call the bank through a trusted number.
What it may look like
"I just sent you a 6-digit code to prove you are real. Send it back so I can buy your item."
Signs to slow down
- The person asks you to share a code sent by text, email, or authenticator app.
- The code message says not to share it with anyone.
- The request is connected to a fake bank alert, marketplace sale, prize, refund, or login problem.
- They pressure you to respond before the code expires.
What to do next
- Change the password for the affected account from the real app or website.
- Turn on two-factor authentication if it was not already enabled.
- Review recovery email, phone number, devices, forwarding rules, and recent activity.
- Contact the real company if you cannot access the account.
- Contact your bank if the account connects to money or payment information.
How to report it
- Report account takeover or cyber-enabled losses to IC3.gov when appropriate.
- Report the scam contact to ReportFraud.ftc.gov.
- Report the profile, listing, or message inside the platform where it happened.
How Olevo can help
Olevo can help you identify which account the code was for.
Paste the request and the code notification wording without sharing the actual code. Olevo can help you see whether it points to a bank, marketplace, email, Google Voice, or another account.
Trusted sources
What's a verification code and why would someone ask me for it?
Federal Trade Commission
FTC guidance explains why one-time verification codes should be treated like passwords and never shared with unexpected contacts.
Google Voice scam: how the verification code scam works and how to avoid it
Federal Trade Commission
FTC guidance describes scammers who ask for a Google Voice verification code while pretending to verify a sale or listing.
Account Takeover Fraud via Impersonation of Financial Institution Support
FBI Internet Crime Complaint Center
FBI guidance describes financial institution impersonation through texts, calls, emails, and fraudulent websites.
Common questions
Is a one-time code the same as a password?
It is not the same, but it can be just as sensitive. A code can approve a login, reset, or account setup.
What if the code was for my bank?
Contact your bank immediately using the app or number on your card, then change passwords and review transactions.
Can I fix it if the scammer changed my password?
Use the account recovery process and contact the real company. Check recovery contacts and devices after access is restored.
Should I send a code to prove I am a real buyer or seller?
No. A legitimate buyer or seller does not need a login or verification code sent to your phone.