Tech Tip: They Already Have your Password

Whatever you do, DON’T PANIC.

If you ever receive a series of unfamiliar Multi-Factor Authentication (MFA) requests, scammers already have your password and are spamming your MFA.

Multi-Factor Authentication (MFA) fatigue has become a popular tactic used by scammers when trying to gain access to your account. By bombarding you with frequent requests, the scammer hopes to get you to authenticate for them.

But like we said, there’s no need to panic! Because UWM IT is here to help.

First things first, change your password. When logging in to reset your password, it’s super important that you don’t accidentally approve one of the scammer’s MFA requests. Therefore, when you’re authenticating, we recommend you use your backup MFA method (preferably a phone call, text, or 6-digit code). Don’t know how to reset your password? Visit our KnowledgeBase article to learn about the Self-Service Password Recovery process.

Now that you’ve created a brand new, super hard to guess, not “Password”, password- you’ll want to find the “Lost Device? Sign out everywhere” option in your Microsoft account. This will make sure that whoever had your old password will be signed out of your account on their device.

It can be incredibly hard to spot phishing scams these days so as a rule of thumb if you receive unsolicited messages on any platform always be cautious. Specifically, for UWM emails, if you’re ever unsure about a message forward it to

Have more questions about MFA Fatigue? Visit our cybersecurity website!