To prevent fraud, we require the users to link their account to a mobile phone number. We send a code by SMS.
Fraudsters use hacked social networks to convince “friends” to send them the code they will receive.
Even if the message clearly say not to give this message to an other person, they still do:
Verification code mysite.com: 12345 Never communicate this code to someone else!
How do you lower the rate of this issue? Or fight it?