A buyer or seller asks to verify you’re a real person before the transaction. They send a six-digit code to your phone and ask you to read it back. That code is not a verification of your identity — it is a Google Voice registration code. By reading it back, you hand the scammer a phone number linked to you that they will use to defraud other people, with the trail pointing to your number.
The Google Voice verification scam is a low-friction identity fraud attack that requires no financial payment from the victim and produces no immediate visible loss — which is precisely what makes it so widely underreported and misunderstood. The victim typically does not lose money directly. What they lose is control over a phone number identity that a scammer then uses to conduct fraud against other people.
Google Voice is a legitimate service that provides a virtual US phone number linked to a real mobile number for verification. To set up a Google Voice number, Google sends a six-digit code to the phone number being used as the verification anchor. When a scammer tricks you into reading back that code, they complete a Google Voice registration that lists your real phone number as the verified anchor — giving them a functional, Google-authenticated US number tied to your identity.
The FTC reports that this scam most commonly occurs through peer-to-peer marketplace platforms — Facebook Marketplace, Craigslist, OfferUp — where a reasonable desire to verify the identity of a stranger before a transaction provides the cover story for the code request. The scam’s genius is that it reframes an attack as a safety measure: the scammer presents themselves as the cautious party wanting to protect themselves from fraud, when they are in fact running it.
The scammer reaches out as a buyer, seller, romantic match, or prospective tenant — any role that creates a plausible reason for a transaction to occur. On Facebook Marketplace, they express interest in something you are selling. On a dating app, they seem like a genuine match. On a rental platform, they ask about your listing. The initial contact is normal and does not immediately signal fraud.
Before proceeding — before meeting, before sending payment, before scheduling a viewing — the scammer says they want to verify you are a real person and not a scammer themselves. They frame this as a standard safety precaution: “I always verify people before I meet them for safety.” The framing is designed to make refusal seem suspicious and compliance seem reasonable. They say they will send a code to your phone and ask you to read it back to confirm you are who you say you are.
A six-digit code arrives by SMS. The text it arrives in says something like: “Your Google Voice verification code is [XXXXXX]. Don’t share it with anyone.” Most people notice the “don’t share it” warning — but assume it is a standard security disclaimer rather than a direct warning about exactly what is happening. The scammer is in the process of registering a Google Voice number and needs this code to complete it.
The moment you read back the code, the scammer completes the Google Voice registration. They now have a functional US phone number — linked to your real number in Google’s records — that they use to run other scams. When victims of those future scams report the number, the trail leads to your phone number, not the scammer’s actual device. The scammer discards the number and creates another as needed, repeatedly cycling through new victims to acquire fresh verified numbers.
No legitimate marketplace transaction, rental process, dating verification, or business interaction requires you to receive a code on your phone and read it back to another party. Every code you receive — from Google, from your bank, from any service — is a one-time authentication credential for your account only. The moment someone asks you to share a code sent to your phone, that request is either a scam or a major security mistake by a legitimate party. Either way, the correct answer is to keep the code to yourself.
The scammer uses the Google Voice number — anchored to your real number — to contact other victims in marketplace scams, romance fraud, and tech support fraud. When those victims report the number to law enforcement or platform trust and safety teams, it comes back to your number. In some cases this has led to confusion in fraud investigations where the actual victim of the Google Voice scam appears in records as the source of the fraudulent contact.
A Google Voice number can receive SMS verification codes from many services. A scammer who has set up a Google Voice number using your phone as the anchor may attempt to use it to receive two-factor authentication codes for accounts associated with your phone number. This creates a secondary attack vector beyond the initial number theft — making it important to reclaim the number quickly and check whether any accounts linked to your phone number have experienced unauthorized access.
Scammers who successfully obtain Google Voice numbers through this method often work in volume — acquiring dozens of verified numbers from different victims in a single day through the same marketplace or platform. Each number is used for a period, then abandoned when it accumulates fraud reports, and the cycle repeats. The individual victim may never experience direct financial harm but their number contributes to a fraud infrastructure that costs other victims thousands of dollars.
Google Voice scammers often target active marketplace sellers whose contact details appear in data broker databases. The more of your personal information that’s publicly accessible, the easier you are to target. Find out what data brokers currently have on you — free, in under 60 seconds.
The same public data that lets scammers find and target active marketplace users also feeds Google search results showing your personal information to anyone who searches for you. Here’s a practical guide to removing your name and contact details from Google Search and the data broker sites that power it.
