Persistent MFA Prompts
Latest Scams Image

Persistent MFA Prompts

Multi-factor authentication (MFA) can help you protect your online accounts by requiring that you approve login attempts before you can access the accounts. However, if you accidentally approve an MFA notification that you didn’t request, cybercriminals may be able to access your accounts and personal information. 

In a new scam, cybercriminals are annoying you into approving an MFA notification. If cybercriminals figure out your login credentials for an account, they can send you repeated MFA notifications. The cybercriminals hope that you will eventually approve a notification to stop the notifications from sending. Then, the cybercriminals can update the MFA settings in your account to send notifications to their device instead of your own. As a result, the cybercriminals can gain permanent access to your account and any personal information that’s in the account. 

Follow these tips to stay safe from MFA scams:

  • Never approve an MFA notification that you didn’t request. 
  • Create unique, strong passwords for each of your online accounts. If the cybercriminals can’t figure out your password, they won’t be able to scam you with MFA notifications.

If you receive an MFA notification for an account that you aren’t trying to log in to, immediately change your password for the account.  


Stop, Look, and Think. Don’t be fooled.

Protect your network! Learn more about security awareness training for your team.

Like this article?

Share on Facebook
Share on Twitter
Share on Linkdin
Share on Pinterest

More Posts

Scam Alert Email PDF Image
Cybersecurity

Trusted Email. Fake File. Real Danger.

Beware of Business Email Compromise (BEC) Scams Disguised as File-Sharing Requests Cybercriminals are getting more creative every day. And one of their favorite tricks right

Magnifying Glass Network Image
Cybersecurity

Think Antivirus Is Enough? Think Again.

For years, businesses have relied on antivirus software, firewalls, and email filters to defend against cyberattacks. These tools are important, but on their own, they’re