You may be familiar with multi-factor authentication — an extra security step that helps protect your accounts from unauthorized login attempts. In a recent scam, cybercriminals are hoping to take advantage of this security feature and access your accounts and information.
When you enable multi-factor authentication (MFA) and log in to an online account, the service will send you a confirmation link or code through text or email in order to approve the login attempt. Providing this code helps verify that you are the account owner and completes the login. A new scam involves cybercriminals repeatedly trying to log in to your account — which will cause you to receive several MFA notifications. The scammer is hoping you will grow tired of the constant notifications and eventually approve one to silence them. If you were to approve this unprompted MFA notification, the cybercriminal would be given access to your account, and any information included.
Luckily, it’s easy to keep yourself safe from an MFA scam. First, never approve an MFA notification that you didn’t request. Also, if the scammer could get far enough to request an MFA authorization, it means they know your account password. Be sure to create strong, unique passwords for each of your online accounts. If they don’t know your password, they won’t be able to trigger MFA notifications. If you receive a notification from an account that you aren’t trying to log in to, change your password right away!
We hope that spreading awareness of these common phishing scams helps you stay vigilant and stay safe online. Click here to read about other online scams and get some great tips to help you protect your personal data.