Accredo Codes

Two SMS verification codes arrive within seconds of each other from shortcode 65821 — the SMS gateway for Accredo, a specialty pharmacy I have never had an account with. The codes are valid Accredo verification codes for an Accredo account. The phone number receiving them is mine. The account using that number for verification is not.

The two codes seconds apart are a retry — someone trying to log into the account twice in quick succession, presumably after the first attempt went stale or was entered wrong. Neither attempt could succeed without seeing the code on this screen, which I did not relay.

This is a phantom account — a different family of pattern from hop seeding. Where hop seeding manufactures an outbound metadata edge by inducing me to initiate a contact, the phantom-account pattern uses my phone number as the routing identifier on an account I do not own — the database edge already exists, in the service's records, tying my number to a customer I am not. More instances of this pattern, across other services, will surface as the record fills in.