Where does the 24255 text message come from?
24255 is Affirm‘s—the “Buy Now, Pay Later” company’s—official short code.
It’s used for two-factor authentication, purchase confirmations, and payment reminders. The code itself is legitimate—but scammers can mimic it.
If a message asks for login credentials, pressures you into clicking a link, or uses urgent language, it’s not from Affirm.
Who owns the short code 24255?
- Registered to Affirm—the fintech company behind Buy Now, Pay Later services
- Also used by AT&T for carrier billing notifications and account updates
- Listed in US and Canadian short code directories as belonging to Affirm
- Commonly identified as Affirm’s number across caller ID databases in the United States
This checks out across multiple independent sources. Affirm customers on Reddit regularly confirm they receive legitimate transaction messages from this number.
Why you got a text from 24255
- 2FA codes—someone logged in to (or tried to log in to) an Affirm account tied to your number
- Purchase confirmations—transaction alerts after completing a Buy Now, Pay Later checkout
- Payment reminders—upcoming due dates and charge notifications
- Virtual card alerts—a merchant tried to charge an old one-time Affirm card (common with Amazon or Walmart subscriptions)
- AT&T billing—payment confirmations, billing reminders, or account updates for mobile customers
- Promotional messages—marketing offers if you’ve opted in
The 2FA codes are the most common reason people search for this number. If you didn’t initiate a login, someone likely entered your number by mistake.
Here’s one that catches people off guard: virtual card notifications. If you ever created a one-time virtual card through Affirm, that card stays in their system. Months later, when a merchant tries to charge it for a subscription renewal, 24255 sends you an alert—even if you haven’t opened the Affirm app in ages.
Is the 24255 short code safe or a scam?
Threat Level: MODERATE
- Verification code you requested → safe, standard security protocol
- One unexpected code → likely harmless, someone mistyped their number
- Multiple unexpected codes → suspicious, possible account takeover attempt
- Message asks for passwords or personal info → scam
The short code is legitimate. The concern is what’s inside the message.
Routine messages about transactions, payments, or billing don’t ask for sensitive data.
But when you receive an unexpected verification code, it means someone typed your phone number into a login form—and that code is the last thing stopping them from getting in.
Could be a typo. Could be an account takeover attempt. Don’t share it either way.
One code vs multiple codes—here’s why it matters
A single verification code from 24255 when you haven’t done anything usually means someone mixed-up their phone number during Affirm checkout. They’ll realize the error when the code doesn’t arrive at their actual phone.
Multiple codes within minutes? That’s different.
Attackers use automated tools to repeatedly trigger 2FA codes—a technique security experts call “MFA fatigue.”
They’re counting on you to either click “approve” out of annoyance or call a fake support number they provide.
How smishing attacks use 24255
Scammers can’t easily spoof the actual short code, but they can craft convincing fake messages that appear to come from Affirm or AT&T.
These messages include links to phishing websites designed to steal your login credentials, credit card numbers, or personal information.
The fake sites look nearly identical to the real Affirm login page. You enter your username and password thinking you’re securing your account—but you’ve just handed your credentials to criminals.
Affirm’s security page is clear: they will never ask for passwords, Social Security numbers, or full account numbers via text.
Real Affirm messages only contain verification codes or transaction summaries—never requests for login credentials.
How to spot a 24255 phishing scam
| Feature | Official Affirm message | Phishing attempt |
| Links | affirm.com or att.com | bit.ly/random, aff1rm.com, affirm-verify.net |
| Requests | Verification codes, payment summaries | Passwords, SSN, bank details |
| Tone | Informational, no urgency | “Act now!” or “Account will be closed!” |
| Follow-up | None—codes are one-way | Calls asking you to share the code |
What Affirm will never do via text
Affirm’s help center makes this explicit. They will never:
- Ask for your password or PIN via text
- Request your Social Security number
- Demand you share a verification code with anyone
- Include links asking you to “verify your identity”
- Pressure you to call a number to “fix” your account.
If a message from 24255 does any of these things, it’s not from Affirm.
What to do if you receive a suspicious text
If you’re an Affirm customer:
- Don’t click any links in the text. Open the Affirm app directly or type affirm.com into your browser.
- Check your account activity for purchases or login attempts you didn’t make.
- Change your password if anything looks off—use a strong, unique one you haven’t used elsewhere.
- Review your payment schedule and transaction history for unauthorized charges.
- Contact Affirm through the official app or website if you spot unauthorized purchases. Don’t reply to the text.
If you’re not an Affirm customer:
- Don’t engage—don’t reply, don’t click links, and don’t call any numbers in the message.
- Check your credit reports at AnnualCreditReport.com. Look for Affirm accounts or BNPL (By Now, Pay Later) loans you didn’t authorize.
- Forward the message to 7726 (SPAM)—this works across all major carriers and helps them identify fraudulent messages.
- Place a fraud alert or credit freeze on your reports if you find unauthorized activity.
If someone contacts you asking for a code they say was “accidentally” sent to your number, refuse. This is a common social engineering tactic where scammers use your phone number to verify accounts they’re trying to break into.
How to report suspicious messages
- Forward to 7726 (SPAM)—works across most carriers
- Report to Affirm—through their official website, even without an account
- File with the FTC—at ReportFraud.ftc.gov for phishing attempts requesting payment or personal info
The FTC’s guidance on text scams confirms that unexpected messages creating artificial urgency are classic smishing tactics. Forwarding to 7726 is especially useful if the message spoofs Affirm’s branding—your carrier will investigate.
FAQ
How do I stop texts from 24255?
Reply “STOP” to the message. This is the standard industry opt-out protocol for short code communications and works for both Affirm and AT&T messages. If messages continue after opting out, contact Affirm or AT&T customer service directly—continuing messages after replying “STOP” may indicate a technical issue or fraudulent activity.
Is 24255 a legitimate number?
Yes—24255 is the official short code for Affirm and AT&T. It handles two-factor authentication, transaction alerts, and account notifications. That said, receiving a verification code you didn’t request is a red flag for either a number typo or an unauthorized access attempt. The number is real, but the activity triggering it might not be.
Why did I get an Affirm code if I don’t have an account?
Three common reasons: someone mistyped their phone number during Affirm signup or checkout, your phone number was previously owned by someone with an Affirm account, or someone is attempting to create an account using your information. A single code is likely a typo. Multiple codes warrant checking your credit report.
Is there a 24255 scam?
The short code itself is legitimate, but scammers use smishing (SMS phishing) to impersonate Affirm and AT&T. They send fake messages from similar-looking numbers or link to phishing websites. These scams typically ask you to verify your identity, share a code, or click a link to a fake login page. Real Affirm messages never ask for passwords or sensitive information via text.
Should I reply to 24255?
Only reply “STOP” if you want to opt out. Don’t reply with your verification code, personal information, or questions about why you received it. Legitimate verification codes are one-way—you enter the code in the app or website, never in a reply text. Any message asking you to reply with the code is a scam.
Can scammers spoof 24255?
It’s harder to spoof short codes than regular phone numbers, but not impossible. More commonly, scammers craft convincing messages that mimic Affirm’s branding without actually spoofing the number. Always trust your Affirm app over any text message—log in directly through the app to verify any claimed activity rather than clicking links.
What if I clicked a link in a suspicious 24255 message?
If you clicked a link but didn’t enter any information, close the page and run a security scan on your device. If you entered your Affirm login credentials on a suspicious site, immediately change your password through the official app, enable two-factor authentication, and monitor your account for unauthorized purchases. Contact Affirm’s customer service to report the phishing attempt and consider placing a fraud alert on your credit reports.
Why am I getting multiple codes from 24255 in a row?
Multiple verification codes in quick succession typically indicate an MFA fatigue attack. Someone is repeatedly attempting to log in to an Affirm account associated with your phone number. Don’t approve any of these requests and don’t share the codes. Log in to your Affirm account directly (if you have one) to secure it, or ignore the messages entirely if you don’t use Affirm. Report the pattern to Affirm’s fraud department.
