I recently encountered a strange incident regarding the 2FA of my Google Account.
The user Dunois has described a very similar occurrence in this post: Functional Google 2FA code (via SMS) received from a random (but in use) mobile phone number
My experience is a bit different, so I made a new post instead of replying to his original post.
The other day, I set up 2FA for the Google-Workspace-Account that I use at work. I (foolishly) chose the SMS option, and entered my phone number. The code that I received didn’t come from the usual phone number simply marked as “Google”, but from what appeared to be a regular phone number from the UK (+447907180…, apparently an o2 number). Also, it didn’t come with the usual message (“G-###### is your…”); it simply had six digits in it, with no further message.
I didn’t use the code, because it just freaked me out a bit. Instead I requested another code, this time receiving a message from the usual “Google”-number. I didn’t switch websites; I literally clicked the same button twice, receiving messages from two different numbers. I can also rule out falling for a spoofed website, since I’ve navigated to my account settings from my Gmail, which I have saved as a bookmark in my browser.
Unfortunately, I deleted the message before I made a screenshot.
The next day, I tried to reproduce the same thing with my private Google-Account, which already had prompts as a 2FA-Option activated. When I switched it to SMS, the same thing happened again; this time I took a screenshot. https://i.stack.imgur.com/kEHRM.png
This time the code came from a German number (I live in Germany), but had the same format as the last one. Again though, I didn’t enter the code.
On both accounts I haven’t been able to receive another message from the two numbers since. Every time I request a new code, it will come from the old “Google” number. Friends who tried it for themselves were getting the regular messages as well.
My Google Account shows no suspicious activity, I am not missing any data, nor have I been locked out of either of my accounts.
By now, I called both numbers; the German one seems to be active, but goes straight to voicemail. The British one is apparently unknown by my provider T Mobile.
So my question is: Do I have to worry about my account? And if not, what is going on here then? If it is a scam of some sort, where’s the scam? Could this be some strange glitch on Google’s side? Has Google just used some third party 2FA service provider to send me the message? And if so, why would they settle for a company that makes their messages look like strange phishing attempts?