Even better, once I had a financial institution tell me I needed to read them a one time code someone would text me. They were actually surprised I had a problem with it when it’s the scam playbook.

Isn't that just 2fa? It's not limited to web.