Have you ever received a multi-factor authentication (MFA) notification from an account that you didn’t request?
Multi-factor authentication (MFA) can help you protect your online accounts by requiring that you approve login attempts before you can access the accounts. However, if you accidentally approve an MFA notification that you didn’t request, cybercriminals may be able to access your accounts and personal information.
In a new scam, cybercriminals are annoying you into approving an MFA notification. If cybercriminals figure out your login credentials for an account, they can send you repeated MFA notifications. The cybercriminals hope that you will eventually approve a notification to stop the notifications from sending. Then, the cybercriminals can update the MFA settings in your account to send notifications to their device instead of your own. As a result, the cybercriminals can gain permanent access to your account and any personal information that’s in the account.
Follow these tips to stay safe from MFA scams:
- Never approve an MFA notification that you didn’t request.
- Create unique, strong passwords for each of your online accounts. If the cybercriminals can’t figure out your password, they won’t be able to scam you with MFA notifications.
- If you receive an MFA notification for an account that you aren’t trying to log in to, immediately change your password for the account.
Stop, Look, and Think. Don’t be fooled.
KnowBe4 is the world’s most popular integrated platform for awareness training combined with simulated phishing attacks. Let Keller Schroeder show you how KnowBe4 has helped thousands of organizations just like yours manage the continuing problem of social engineering. Contact us today to learn more.
DISCLAIMER : Any non-technical views expressed are not necessarily those of Keller Schroeder or its employee-owners.
