The Digital Shared Services Information Security team is warning all staff about a growing threat involving false Multi-Factor Authentication (MFA) prompts through the Microsoft Authenticator app.

The threat involves what is known as MFA fatigue attacks. Malicious actors will repeatedly send MFA requests to users, hoping one will be approved by mistake. The objective of these attacks is to gain unauthorized access to internal systems, applications, or sensitive data.

What You Should Do:

Notify the Information Security team via the Service Desk as soon as possible.

• Do not approve any MFA prompt that you did not initiate.
• If you receive an unexpected prompt:
  • Tap “Deny” on the request.S
  • Select “Report as fraud” if prompted.
• Immediately change your password if you suspect any unauthorized activity.
• Notify the Information Security team via the Service Desk as soon as possible.

The Information Security team is actively monitoring for this threat and any unusual login activity, but your awareness and caution is essential to maintaining a secure digital environment.

If you have any questions or need assistance, please contact the Service Desk.

Submitted by:  Digital Shared Services