If you ever receive a series of unfamiliar multi-factor authentication (MFA) requests, scammers already have your password and are spamming your MFA. But don’t panic. Instead, follow a few tips below from UWM IT.
First, change your password. When logging in to reset your password, it’s important that you don’t accidentally approve one of the scammer’s MFA requests. Therefore, when you’re authenticating, use your backup MFA method (preferably a phone call, text or six-digit code). If you’re not sure how to reset your password, visit this KnowledgeBase article to learn about the Self-Service Password Recovery process.
Now that you’ve created a new, difficult-to-guess password, find the “Lost Device? Sign out everywhere” option in your Microsoft account. This will ensure that the scammer who had your old password will be signed out of your account on their device.
It can be difficult to spot phishing scams. If you receive unsolicited messages on any platform, always be cautious. For UWM emails, if you’re ever unsure about a message, forward it to abuse@uwm.edu.
For more information, visit UWM’s cybersecurity webpage.
