Multi-factor authentication (MFA) Scam

Multi-factor authentication (MFA) is a great tool to use to better secure your passwords. This requires you to type in your password and also requires you to provide another key from either a text message or email. There have been cases where a person accidentally approves an MFA notification from cybercriminals. If this is approved, the cybercriminals then can gain access of your accounts and sensitive information.

In a new scam, cybercriminals obtain your login credentials and will send you multiply MFA requests. Their goal is to send you so many notifications that you then get annoyed and give them access. Once they have access to your MFA they are able to update the settings to send all notification including authorization codes to their devices instead of yours. Cybercriminals have total access to the account including any data that may be in there.


  • Create strong passwords that are easy for you to remember but difficult to crack. If cybercriminals can’t get into your account they won’t be able to send notifications.
  • Never approve an MFA notification that you did not request.
  • If you get an MFA notification for your account and you weren’t trying to log in, change your password to the account right away.  

Learn more tips like this and train your employees with our Security Awareness Training Program.