An attacker can simply send your email address to a legitimate service, and prompt for a 6-digit code. You can’t know for sure if the code is supposed to be entered in the right place. Password managers (a usual defense against phishing) can’t help you either.
I don’t understand. Is the email already compromised? Gmail requires 2 factor authentication via android to log into your email on new devices so there’s that.
No, this is a phishing attack. Attackers create a fake website that asks for your email. You give your email, then they relay that address to the legitimate service. The legitimate service sends you an email with a code. The fake service asks for that code. If you give it, they then own your account.
I don’t understand. Is the email already compromised? Gmail requires 2 factor authentication via android to log into your email on new devices so there’s that.
No, this is a phishing attack. Attackers create a fake website that asks for your email. You give your email, then they relay that address to the legitimate service. The legitimate service sends you an email with a code. The fake service asks for that code. If you give it, they then own your account.
Ah thank you. Makes much more sense.