- Scammers target recovery because it bypasses strong passwords and 2FA.
- The core trick: get you to share a verification code or approve a login.
- Defense: strict rules + better recovery settings + passkeys where possible.
What a recovery scam looks like
You get an urgent message: "Your account is locked," "Suspicious login," or "We need to verify you." It pushes you to act fast and skip thinking.
Then you're moved to a phone call, WhatsApp, or a fake support chat where they ask for codes, screen sharing, or a payment.
The verification code scam (why it works)
Many services send a code to confirm identity. Scammers trigger that code themselves, then convince you to read it out. The code is the login key.
Once they have it, they can log in, change recovery settings, and lock you out.
- They create pressure: "If you don't act now, you'll lose your money."
- They sound official and may spoof numbers.
- They make you feel like you're helping security.
Common recovery scam variants in 2026
- Fake bank support calls and "safe account" transfers.
- Fake Google/Apple/Microsoft support emails and call-backs.
- Account recovery emails that link to a look-alike login page.
- Screen-sharing scam: they guide you to approve access.
How to protect yourself (simple rules that work)
- Never share one-time codes with anyone. Ever.
- Never approve a login prompt you didn't initiate.
- Only contact support through the official website/app you open yourself.
- Use passkeys/security keys when possible.
- Store recovery codes safely and keep your recovery email locked down.
FAQ
What if the caller knows my name and details?
Data leaks are common. Treat details as proof they had access to data, not proof they are legitimate.
Should I call the bank back?
Yes, but use the official number on your bank card or website, not the number that called you.
How can I make recovery safer?
Use strong recovery options, remove SMS where possible, and secure your email with passkeys or strong MFA.