Well. Nothing like getting an SMS "here's your verification code" message for an account you didn't recently log into to get your immediate and undivided attention.
@greyduck It's when you get the phone call asking for that information that you know what's really happening.
As long as you don't use the code you're usually safe.
@nomad Getting a code over SMS at least suggests that someone successfully got past the "enter the password" stage, though.
@greyduck No, it suggests they were trying to get your password (for most services, you haven't said which one this was for).
I get those from Google all the time because $idiot didn't remember their account is mumblefrids232 not mumblefrids. (I'm sure I also get them from people actually trying to break in, but those are probably much less often.)
@nomad There's that.
Still, worth giving my accounts a once-over to make sure there's no actual sign-in activity I don't know about. Safe > Sorry.
@greyduck That is *always* true.
Sign-in activity checked on both possible relevant accounts, and things look clean for now.
But still, it was worth double-checking. Gotta take this stuff seriously.