Starting this morning, I have gotten multiple text messages on my smartphone of “(6-digit number) is your verification code” when I have not been trying to log into anything. Is this some glitch, or someone trying to log into some sort of account or service using my email or identity?
My guess, based on my experience, is that someone is trying to log into some service and they’re using your email address by accident. I have a somewhat common name and I have the baseline firstlast email addresses at hotmail and gmail, so people mistake my email for theirs all the time.
It is certainly possible that someone has gotten a hold of your password for some site, but since you have two factor authentication turned on they were probably prevented from logging in. Although using text messages for that purpose isn’t the most secure; if the hacker also figured out your cell number they could clone your cell phone and obtain the code.
I would definitely change your password for whatever site you’re getting the texts from.
It could be either. Are these verification codes for websites/apps where you do have an account? if so, someone may be trying to access them and your password may be compromised (or you share the login with someone and they are trying to use it). If not, probably some sort of phishing attempt or just plain old spam.
Two-factor authentication shouldn’t kick in unless a correct password was also used, though.
Hard to say. Could be phishing spam where they’re hoping you’ll call that number to investigate and then they’ll start reeling you in..
When I am legitimately logging into a site that will send me a code, I save that incoming phone number as part of a contact for that company. So next time when something like that comes in, I know it’s The Bank of ABC, not just 888-123-4567 that’s sending me the code.
If you do that for each of the entities you actually log into, you can instantly identify which place somebody might be trying to log into if it’s a real attempt by a bad actor. You can also identify probably-faked messages coming from places unknown to you that are probably fake numbers.
My method isn’t foolproof, but imagine that right now the OP knew the message was coming from one of the places they actually bank or shop or doctor or whatever. Be easy to log into that site yourself, change the PW, start investigating for illicit charges, etc.
Right now the OP has no idea what part of his financial empire might be under attack. And that’s not good.
There are some sites now that don’t even require a password to log in; they just send a verification code to the email address or phone number they have on file for you. So that scenario is plausible, too.
Exactly. Lots of sites these days, really.
I have accounts where they send a code if you request a password reset, which might be happening. The whole point of that is you’ve forgotten the password, so you don’t need it.
Unfortunately, all the text messages say is “Link verification code is ____” or “Shop verification code is _____” and do not disclose what the “Link” or “Shop” is.
If I were the OP, I wouldn’t assume this was accidental and I’d change my passwords. But yes, this sort of thing does happen. I occasionally get emails, particularly on my generically-named Gmail account, that appear to be legit but obviously not intended for me. There is some woman out there somewhere with a feminine version of my first name who was recently car-shopping, bought a car, and then was insurance-shopping, who is probably wondering why various car dealerships and auto insurers aren’t bothering to contact her! 
I’d help if I could, but there’s not really much I can do if she fat-fingered the wrong email address.
Another thing that I think is due to a mistaken email address is that I’ve several times got a notice on the email that I use as a Gmail recovery account that one of my Gmail addresses has not been accessed in over six months and will be terminated if I don’t log into it. I have two Gmail addresses and one of them is automatically accessed every five minutes, the other every few days, so this is not true. I just ignore it.
Block the number.
Delete.
Ignore.
I wouldn’t do that. If these are from a site the OP legitimately needs to log into, then they won’t be able to get the verification codes when they really are trying to log in.
Does it include a phone number or something? If it’s not telling you what it’s a verification code for, you don’t even know what password to change. (Note, don’t call the phone number, but this maybe be weird spam)
Ah, that is true.
I understand that.
My method of creating a contact cannot help with your immediate problem.
But if you or anyone else begins using that method going forward whenever you really are logging on to [wherever], pretty soon you’ll have built up a reliable database of incoming text source numbers that will at least inform you which of your accounts is under attack, or give you further reason to believe it’s just phishing spam hoping you’ll call the mystery number.
As a separate matter, nearly every such legit text I’ve gotten in the last year or more has included in the text body which entity is sending it, as well as a warning not to give the code to a caller because that would be a scammer, but rather only input it into our website.
The fact the message you have received is so different and so generic versus the current sorta-standard further suggests that it is a fake phishing attempt, not an actual message from an actual account you have that is actually being attacked.
As to your specific problem today …
I’d treat this the same as the email spam I often get about “My account at XYZ Bank being suspended unless I do [whatever], but especially click here.”
I have no account at XYZ Bank and never did. I can safely conclude that is a phishing attempt.
If it is a scam or phish or whatever, how? What does the scammer hope that @Velocity is going to do with that text?
Someone stupidly putting in the wrong email address is, by far, the most plausible explanation.
By chance have you sold anything in the past on Facebook Marketplace? You might pull up your account and see if someone is trying to verify if your ad is legit 
by sending you a code to send back to them (scam).
I wouldn’t either but I’m on the verge of blocking a number for the first time. I somehow got on the blast list for local races like Mayor, trustees, Park Commission for a suburb like 25+ miles away. Five messages a week about Tinley Park, Il politics is getting old.