Don’t approve unexpected MFA prompts
If your phone keeps buzzing with login approval requests you didn’t start, someone has your password and is trying to wear you down.
- Never approve a multi-factor prompt you didn’t personally trigger by logging in just now.
- Recognise repeated prompts as an approve-bombing attack — they’re hoping you’ll tap yes to make it stop.
- Tap ’No’ or ’Deny’, and never enter a code that an unexpected caller asks you to read out.
- Change your password immediately, since the attacker clearly already has the old one.
- Report it to your IT team right away — the prompts mean your password is compromised.
- Where offered, switch to number-matching or an authenticator app over simple yes/no approvals.
Still stuck after those?
You’ve done the right thing by trying. Send whedo.it a quick note — what you tried, what you saw — and a senior pair of eyes will be on it the same business day.