These messages are third party attacks that use an Intuit account set up to use SMS (cellphone) verification.
The attacker simply attempts to log in to the Intuit (typically TurboTax this month) account and requests a verification code to be sent to the telephone number. The attacker **does not need to know the telephone number**; just enough of the account login to get to the "2FA" (two factor authentication) stage.
The verification code is 6 digits long; one in a million to get it right! So, no; your ex can't get it right. However this is the "birthday problem":
An attacker (think "state actor") with a whole lot of Intuit account logins, just your user name, can reliably log in to one of them just by guessing the six digit number. It just takes a few thousand attempts.
It's tax season, so now is the time to do it. Roll out your carefully acquired list of millions of Intuit login IDs and simply get logging in. It's not, "Sooner or later you will get one." It's like one per second.
The messages we are receiving are **not** the ones we, individually, need to worry about; we will never know if our own Intuit account will be hacked. We are simply seeing the attempts to hack some other account because we acquired their telephone number after they dropped it!
The problem is not the message; the messenger was prekilled.
