Misdirected Two-factor authentication

I do not have a facebook account, yet facebook (or some entity purporting to be facebook) keeps sending me codes for two factor authentication.

I’m imagining some poor soul desperately trying to get their facebook fix and being denied because they mistyped their phone number in when they opened the account.

I would laugh, except the text message count is up to 8 now. It’s kind of annoying.

I started getting text reminders from NY to update the registration for my Honda.

I don’t live in NY and don’t have a Honda.

I click the link to “unsubscribe” and it takes me to the NY DMV website where I am asked to log in. As if I have any clue what random NY driver’s account the texts are coming from.

I just blocked the number and forgot about it, until now.

This is becoming less and less mundane.

I have now received text messages from 3 different non-phone number numbers from facebook. I’ve blocked them all.

I have received one phone call with a recorded message telling me ‘my code’ verbally. I blocked that too.

Now I’m receiving text messages from google with a confirmation code. (3 so far).

I don’t know what to do.


If it’s somebody who put in the wrong phone number for authentication, it should stop after a while - either they will find some other way to get into their account, at which point they will probably fix it, or they will give up on their account altogether since they can’t access it.

I thought most online services verified the e-mail address & phone number before using it for account authentication? Or is it just e-mail addresses?

I’m pretty sure they always do that if it’s for two-factor authentication. But maybe this is more like a recovery number in case you forget your password - I don’t think those are always verified when you enter them.

I guess it’s also possible that someone else had this phone number a long time ago and registered it as their recovery number.

Or maybe the guy just forgot his own phone number. Several years ago, I started getting a lot of wrong number calls for a recording studio. Lots of them.

Because the studio had a phone number with a 914 area code even though they were located in Manhattan. 914 is usually associated with Westchester County. I had the same number in the 917 area code, which is one of several NYC area codes. I did a little research when I started getting all the wrong numbers and figured out what was going on. The wrong numbers continued. I told everyone that dialed me that they had the wrong area code.
Then one day my phone rings and this guy starts yelling at me, accusing me of hijacking his phone number and intercepting his calls. He was pretty worked up. So I just laughed and I’m like, “Dude, you don’t even know your own phone number. You’re giving out the number with the wrong area code. 914, man, 914.”

Guy mumbled an apology and hung up.

^I had a similar situation with an 800 number the phone company gave me for a pager. Some dude (I’ll call him Jim) had the number but lost it due to nonpayment. I began getting pages from people trying to contact Jim for business reasons. Initially I tried to help Jim, calling the people and explaining this number was now mine

Then Jim paged me and I called him. He demanded in no uncertain terms that I contact the phone company and give him back his number. I told him that wasn’t going to happen, as I’d already listed the number on business cards, the phone book, advertisements, etc. He continued to insist and even threaten me.

So, I upped my game. When people called my pager looking for Jim I began calling them back and telling them “Jim says Fuck You, asswipe” and such. The problem went away.

I texted “STOP” back and that solved the facebook problem. Since then I’ve received text messages from LinkedIn, Twitter and Google. Today I’m getting a bunch from Snapchat.

I have no idea what the hell is going on. Blocking is fine for services I don’t use, but I don’t think I can block Google since sometimes Google sends me legitimate two-factor authentication texts.

How long have you had this phone number? Might it be from the previous owner?

This and other reasons is why NIST doesn’t like 2FA for it’s really poor security. (That’s right. It is not secure!)

A big tree came down Sunday afternoon and we were without cable until Wed. afternoon. Once it was back up I saw that our “landline” (VoIP) had gotten 8 text messages informing me that the tech was scheduled, on his way, etc.

I never once told them they could text me and certainly not at that number and furthermore I couldn’t read those messages until after they restored service!

Comcast: when you want things done wrong.