Clearly this is too late for this event, but I usually save the numbers of those sites that send two-factor codes into my contacts by the company name. So then the next time they send an access code, I see their name on the text, not just the originating texter’s digits (which are rarely an actual phone number sequence.) Most companies that perform this two-factor authentication use the same ‘from’ number each time.
That knowledge and process are a reason for this post. Not normally something I consider to be wary of.