Security News > 2022 > November > How social media scammers buy time to steal your 2FA codes
At which point the crooks immediately try to use the combination of username + password + one-time code they just got hold of, in the hope of logging in quickly enough to get into your account before you realise there's anything phishy going on.
As a result, social media users are understandably concerned about protecting their accounts in general, whether they're specifically concerned about Twitter or not: Lure you to a real page with a facebook.com URL. The account is fake, set up entirely for this particular scam campaign, but the link that shows up in the email you receive does indeed lead to facebook.com, making it less likely to attract suspicion, either from you or from your spam filter.
Full access to your social media accounts could give the crooks access to the private aspects of your profile.
You could end up kicked off the platform, locked out of your account, or in public trouble, unless and until you can show that your account was broken into.
Simply put, by letting cybercriminals into your social media account, you ultimately put not just yourself but also your friends and family, and even everyone else on the platform, at risk.
Keep a record of the official "Unlock your account" and "How to deal with intellectual property challenges" pages of the social networks you use.