I still think this is fishy. When I went to log into my Yahoo email account this morning it popped up a screen that said they had detected questionable activity on my account and that I needed to either email or call for a verification code. The screen was very confusing. I clicked "call" and my cell phone rang immediately with the caller ID showing South San Francisco. I did not answer. Gave it a few minutes and was able to log into my Yahoo account without any problem. If this really is Yahoo, they need a better system.
This is 2nd factor security voice line for Yahoo (Mail).
Yahoo sends you a code so, in addition to your password (Factor #1: something you know), you are asked for a one-time code, sent to your phone (Factor #2: something you have). They don't use biometrics (Factor #3: something you are). Most thriller/spy movies only use one of these methods, and the techies cringe.
I meant to press the "text me the code" button, but the mouse slipped and hit the "call me with the code" button, and my cell phone rang immediately. Waited a bit, then hit the "text" button, got the code, typed it in, and I logged on OK.
At some point in the past when you set up the Yahoo account, you must have given them your text/cell or landline number as a security backup. If something other than a one-time login code is being supplied to you, or there's a human on the line, then someone is spoofing their number.