Question OTP codes being blocked following e-mail/spam bomb

Fuzzylogik

New member
Oct 8, 2024
4
0
1
Visit site
Two weeks ago I was subject to an e-mail/spam bomb. Approximately 30 minutes after the bomb began, someone made four purchases via my Amazon account. I use unique, at least 20-character passwords for everything, so it's a little unclear how that happened (although I typically remain logged-in to Amazon on my cell phone; yes, that will stop). No other purchases were made elsewhere. I discovered the purchases about 16 hours after everything began, changed my password with Amazon, forced all devices to be logged out, and then spoke with Amazon as well as my bank about the fraud. Despite the spam bomb, I thought everything was back to normal. In the interim, I have discovered that when I request OTP codes from both Amazon as well as Google (others???), I will receive the codes but when I try to input them, I receive a text from 125392 that notes "Sorry, this service is not available." I have looked high and low and cannot figure out how to fix this. I have considered wiping my phone and rebuilding it but am not sure that would address the problem. Any thoughts?
 

B. Diddy

Senior Ambassador
Moderator
Mar 9, 2012
167,036
7,127
113
Visit site
Welcome to Android Central! Sorry to hear about this hassle. When you go this email/spam bomb, did you click on any embedded link, or did you immediately mark it as spam and delete it?

Which phone do you have? Go to the system settings and search for "Premium SMS" -- make sure your messaging app is allowed to access Premium SMS.
 

Fuzzylogik

New member
Oct 8, 2024
4
0
1
Visit site
Thank you, B. Diddy. No, I did not click on any link and, when the "bomb" went off I was asleep and the purchases were made shortly thereafter. I have a Galaxy S23+. I just checked and premium text messages are enabled.

The biggest concern that I have is that when I am challenged and receive an OTP code, I am receiving the error. To be clear, I CANNOT complete an OTP challenge with Amazon or Google (possibly others?). I'm trying to figure out if this is fixable, if I need to do a fresh install, or whatever I need to do in order to get this problem resolved. At first I thought that this was an Amazon problem, but it's clear to me now that is not the case.
 

B. Diddy

Senior Ambassador
Moderator
Mar 9, 2012
167,036
7,127
113
Visit site
Did you also change your Google password, just to be safe? Also, now is a good time to make sure you have several 2nd step authentication and recovery methods for your Google account: https://support.google.com/accounts/answer/185839?hl=en&co=GENIE.Platform=Android

Also, see if you can set up an authenticator app (like Google Authenticator) to be the 2nd step for your Amazon account, rather than an OTP via text. In order to do so, you'd have to clear your Amazon 2-step verification first, and then set it back up.
 

Fuzzylogik

New member
Oct 8, 2024
4
0
1
Visit site
I had not changed my Google password...not a bad idea. Also did not know that Amazon used authentication. Good idea.

Can you think of any way to undo the OTP hijack? Or identify HOW the OTP hijack is occurring? In Messages (my SMS reader) I've looked in the Message Settings as well as Spam & Blocked and have not identified anything that looks off. I'm concerned not just about what I know now (i.e. Amazon and Google) but what I don't know that may affect me in the future. Right now I just don't trust my phone.
 
Last edited:

Fuzzylogik

New member
Oct 8, 2024
4
0
1
Visit site
I have T-Mobile. I'm embarrassed I had to just look up what a SIM swap was (I was familiar with the act, just not the name). If I understand what a SIM swap is correctly, the new device with my pertinent info would now receive all new communications -- text, phone calls, etc. -- as well as control all of the apps that I had downloaded. If that is correct, I am still able to use my phone, receive calls, text to and receive texts from others, etc. so it would appear that has not occurred -- correct? The only thing I am aware of that has been affected are the OTPs (exclusive of the initial fraud on my Amazon account). I've checked all of my credit cards and there are no unexplained charges (except the Amazon charge). I've changed the Amazon password (immediately) and Google (today) passwords. I do use 1Password but, as best I can tell, it's about as secure as a password manager can be.
 

Members online

Forum statistics

Threads
948,951
Messages
6,940,956
Members
3,161,298
Latest member
Logj88