Facebook hacker beat my 2FA, bricked my Oculus, and hit the company credit card

[optymizer]

How would someone use that code to hack into my GV account? Wouldn't they also need to know my password or have access to my e-mail account to login or to reset your password?

[teraflop]

Because OP specifically mentioned Google Voice, my guess is that it was a phone number "ownership" code, rather than a 2FA code per se.

The attacker was probably trying to create a new Google Voice account forwarding to OP's phone number. They could then use the new GV account as its own "legitimate" phone number in order to engage in other scams.

(Alternatively, OP's password might have already been compromised, and this was the last stage of a targeted attack by someone trying to get into their account.)

[TomVDB]

They don’t.

They want to link a new GV account to a real phone number that is not theirs, so that they can use the GV number for other scams.

It only works when your phone number doesn’t already have a GV linked to it.

[bagels]

Wouldn't the victim have to send the code back to the scammer for it all to work?

[avidiax]

Hey! I want to buy your used Ikea furniture!

Just a quick safety precaution to make sure: I'm going to text you a code, can you just send it back to me to confirm?

Thanks!

[fastball]

Seems easier to just buy a SIM card for cash, no?

[Jolter]

I don’t use GV, but presumably if they can make Google send you an auth SMS then they have already input your password. I’m guessing it was leaked in some big password leak, and not phished at an earlier time.