version 26.6.3 · Self-Help · Printing~3 min read

Don’t approve unexpected MFA prompts

If your phone keeps buzzing with login approval requests you didn’t start, someone has your password and is trying to wear you down.

  1. Never approve a multi-factor prompt you didn’t personally trigger by logging in just now.
  2. Recognise repeated prompts as an approve-bombing attack — they’re hoping you’ll tap yes to make it stop.
  3. Tap ’No’ or ’Deny’, and never enter a code that an unexpected caller asks you to read out.
  4. Change your password immediately, since the attacker clearly already has the old one.
  5. Report it to your IT team right away — the prompts mean your password is compromised.
  6. Where offered, switch to number-matching or an authenticator app over simple yes/no approvals.

Still stuck after those?

You’ve done the right thing by trying. Send whedo.it a quick note — what you tried, what you saw — and a senior pair of eyes will be on it the same business day.

+61 421 346 887
5.0
★★★★★ on Google · loading…
Read all on Google →