My friend is trying to share some notes that he has however when entering the link the authentication prompts two numbers that have never been linked with my account. My email comes up on the first screen but in the second to send the link the numbers are not mine and i don't recognize them.
[Re-Titled by Moderator]
Original Title: Unrecognized numbers appear
Seeing unrecognized numbers during an authentication attempt is a significant security red flag, and you should stop immediately. Do not request a verification code or proceed with the login through that specific link. This situation usually stems from one of three scenarios: your account may have been compromised and the security details altered; your browser might be "ghost" logging you into a different account (like a family member's or an old work email) that is cached on the device; or the link itself is a phishing attempt designed to look like a legitimate login screen to steal your credentials.
To address this, your first step should be to manually verify your security settings without using the link your friend sent. Open a new browser tab and navigate directly to the security settings of the service you are using (such as your Google Account or Apple ID page). Look for the "Two-Step Verification" or "Recovery Phone" section. If you see the unknown numbers listed there, your account has been compromised; you must delete them, change your password, and force a sign-out on all devices immediately. However, if your correct numbers appear in these settings, your account is likely safe, and the issue is simply a browser error or a bad link.
If your settings look correct, the next step is to test the link in an isolated environment to rule out browser caching issues. Copy the link your friend sent and open an "Incognito" (Chrome) or "Private" (Safari/Firefox) window. Paste the link there and log in manually. If this works and prompts you with your correct phone number, the problem was simply that your browser was trying to authenticate a different, previously signed-in account. Additionally, you should contact your friend through a separate channel—like a text or phone call—to confirm they actually sent the link. If they did not, or if they claim they sent it to everyone in their contacts, it is almost certainly a phishing scam.
Finally, the solution may depend on the specific platform you are using. For example, Apple Notes often defaults to the Apple ID signed into the device settings rather than the browser, meaning you might be checking the wrong account's security details. Google Drive can easily get confused if multiple accounts are signed in simultaneously, often requiring an Incognito window to force the correct account selection. Similarly, Microsoft or OneNote users need to verify their "Security Info" directly on the Microsoft dashboard.
Seeing unrecognized numbers during an authentication attempt is a significant security red flag, and you should stop immediately. Do not request a verification code or proceed with the login through that specific link. This situation usually stems from one of three scenarios: your account may have been compromised and the security details altered; your browser might be "ghost" logging you into a different account (like a family member's or an old work email) that is cached on the device; or the link itself is a phishing attempt designed to look like a legitimate login screen to steal your credentials.
To address this, your first step should be to manually verify your security settings without using the link your friend sent. Open a new browser tab and navigate directly to the security settings of the service you are using (such as your Google Account or Apple ID page). Look for the "Two-Step Verification" or "Recovery Phone" section. If you see the unknown numbers listed there, your account has been compromised; you must delete them, change your password, and force a sign-out on all devices immediately. However, if your correct numbers appear in these settings, your account is likely safe, and the issue is simply a browser error or a bad link.
If your settings look correct, the next step is to test the link in an isolated environment to rule out browser caching issues. Copy the link your friend sent and open an "Incognito" (Chrome) or "Private" (Safari/Firefox) window. Paste the link there and log in manually. If this works and prompts you with your correct phone number, the problem was simply that your browser was trying to authenticate a different, previously signed-in account. Additionally, you should contact your friend through a separate channel—like a text or phone call—to confirm they actually sent the link. If they did not, or if they claim they sent it to everyone in their contacts, it is almost certainly a phishing scam.
Finally, the solution may depend on the specific platform you are using. For example, Apple Notes often defaults to the Apple ID signed into the device settings rather than the browser, meaning you might be checking the wrong account's security details. Google Drive can easily get confused if multiple accounts are signed in simultaneously, often requiring an Incognito window to force the correct account selection. Similarly, Microsoft or OneNote users need to verify their "Security Info" directly on the Microsoft dashboard.
I've tried with different browsers, checking the account numbers and also tried opening the link in several devices, still the two numbers that I don't recognize appear. It doesn't show my number or mail.
The weirdest part is that the screen before shows my email. Also I log in just before to see all these screens.
What you’re seeing does not mean your Apple ID is compromised, and it is not a phishing screen. Although it looks alarming, this behavior is a known issue with Apple Notes sharing and Apple’s authentication flow.
When someone shares a locked or private Apple Note, Apple may authenticate the share using the note owner’s Apple ID security methods, not the recipient’s. As a result, the first screen correctly displays your Apple ID email, but the next screen shows phone numbers that do not belong to you. Those numbers are associated with the person who owns the note. This happens because encrypted Notes are tied to the owner’s end-to-end encryption keys, so Apple references the owner’s trusted devices or phone numbers during verification, even though you are the one accepting the share. It’s confusing, but it’s due to Apple’s design rather than an account problem.
The reason your troubleshooting steps didn’t change anything is because this isn’t caused by browser caching, device issues, or multiple accounts being logged in. Trying different browsers, devices, or private windows won’t resolve it, because the authentication behavior is controlled by Apple’s backend and the way the note itself is shared.
To fix the issue, the note owner needs to take action. Your friend should try unlocking the note before sharing it again, as locked notes are the most likely to trigger this behavior. They can also remove you from the share and re-add you, or share the note directly from the Notes app on iOS or macOS instead of using a copied link. If the problem persists, duplicating the note and sharing the copy usually resolves it.
You should not select or attempt to verify using any of the phone numbers shown on that screen. Those verification options are not meant for you, and proceeding with them would not be appropriate.
In short, your Apple ID is safe, this is not a phishing attempt, and nothing is wrong with your account. It’s an Apple Notes sharing quirk, and the resolution has to be done by the person who owns the note rather than by you.
Unrecognized numbers are appearing during authentication for shared notes
