Phishing Attacks

This one is particularly dangerous.

A phishing attack is a trick played on you to give up personal information such as 2 factor authentication codes or other sensitive information. Generally this is done by pretending to be someone at company that you use. This could be an entire thread by itself. But the general rule is not to give information to someone who called you. If you call or setup an account at a company then you generally have to give your information, but there is no way to verify that the person who called you unsolicited is in fact an employee at your bank.

I will leave you with a devious example. Some dude, we'll call him Bob got a text on this phone from Eve, who previously owned that phone number had accidentally left 2 factor authentication active on an account. So Eve needs the 2 factor authentication code from Bob's new phone number so that Eve can remove 2 factor authentication from her account. Bob gave the go ahead and told Eve the 2 factor authentication code. Now Eve has access to Bob's banking account, as she had used the "Forgot my Password" feature of the bank account, and only needed that 2 factor authentication code to take over the account.

Do not give 2 factor authentication codes to people who contact you. If you get a 2 factor authentication code texted to your phone but you did not try to login or otherwise needed a 2 factor authentication code at that moment, then someone is trying to access your account.