High riskSocial Media Scams

MFA Fatigue Scam

In this scam, an attacker who has your password repeatedly triggers multi-factor approval prompts or codes, hoping you approve one out of annoyance or confusion, granting them access to your account.

Quick verdict

Risk level
High risk
Scam type
Account takeover (push bombing)
Main red flag
Repeated, unexpected login approval prompts or verification codes you did not request.
What to do first
Deny all prompts, do not approve, and change your password immediately.

What this scam usually looks like

In this scam, an attacker who has your password repeatedly triggers multi-factor approval prompts or codes, hoping you approve one out of annoyance or confusion, granting them access to your account.

Example message pattern

Example pattern — not a real report
Example pattern: Your phone gets a stream of 'Approve sign-in?' prompts or codes you did not request, sometimes with a message urging you to 'just approve it'.

This is a fictional, anonymised example used to illustrate the pattern. It is not a verified real message, and any names are used only to show how the scam typically reads.

Red flags to watch for

  • Repeated approval prompts or codes you did not trigger
  • A message urging you to approve to 'stop the prompts'
  • A call or text claiming to be support asking you to approve
  • Prompts at odd hours
  • Pressure and confusion

What to do

  • Deny all approval prompts you did not initiate
  • Change your password immediately from a trusted device
  • Switch to phishing-resistant MFA or number matching where available
  • Report the attempts to the service and your IT team

If you already clicked or replied

  • If you approved a prompt, change your password and sign out all sessions immediately
  • Re-enable and review MFA settings and devices
  • Check the account for unauthorised changes
  • Report the takeover to the service

What not to do

  • Do not approve prompts to make them stop
  • Do not approve at a caller's request
  • Do not ignore repeated unexpected prompts

Similar scams

High risk Text Message

Two-Factor Code Text Scam

In this scam a fraudster triggers a genuine two-factor or one-time code to your phone, then poses as support staff or a contact to pressure you into reading it back so they can take over your account.
High risk Social Media

Account Ransom Scam

In this scam, an attacker takes over your social media account, locks you out by changing the details, and demands payment, often in crypto or gift cards, to return access, which they rarely honour.
High risk Social Media

Instagram Verification Scam

This scam offers a blue verification badge or warns your account is at risk, then links to a fake login page that steals your password.

Frequently asked questions

Why am I getting these prompts?
An attacker likely has your password and is spamming approval requests, hoping you approve one. Deny them all and change your password immediately.
Support told me to approve to stop them. Should I?
No. Genuine support never asks you to approve a sign-in prompt. Approving grants the attacker access. Deny and report it.
I approved one. What now?
Change your password and sign out all sessions immediately, review MFA settings and devices, check for changes, and report the takeover.
How do I prevent this?
Use phishing-resistant MFA or number-matching, keep passwords unique and strong, and never approve prompts you did not start.

Last reviewed: June 2026

Disclaimer: This page provides educational information only to help you recognise common scam patterns. It is not legal, financial, cybersecurity, or law enforcement advice, and it does not confirm whether any specific message, company, or person is genuine or fraudulent. When in doubt, contact the official organisation directly and report concerns to your local authorities.