I sure don’t feel safe just ignoring it, considering the frequency.

  • MajorHavoc@programming.dev
    link
    fedilink
    English
    arrow-up
    34
    ·
    edit-2
    4 months ago

    If it keeps happening, prefers middle of the night (to where you live) hours, and you often get a really big batch in a row, then yes, it’s probably an attempted hack.

    In any case, I would making sure your password is strong and isn’t reused anywhere else, and set up multi factor authentication…

    Edit: It was pointed out to me that this has an approve/deny on it. Looks an awful lot like an MFA Fatigue attack. The attacker plans to keep doing it until you slip up and approve it accidentally while fumbling to unlock your phone at midnight sometime.

    You should change your password immediately, if you haven’t already.

    Weird. Sure looks like MS may be sending these without requiring your password. That’s…not great. Because of the fatigue attack aspect. See what you can configure. I would disable this function on my account, if I could.

    Again, that’s if you’ve gotten dozens of these. If you got 3, it’s someone who mistyped their email as yours.

      • MajorHavoc@programming.dev
        link
        fedilink
        English
        arrow-up
        3
        ·
        edit-2
        4 months ago

        Oh, I missed that in the gutter of the message.

        This is a common attack tactic, then, called MFA Fatigue. It also means they probably have Ops password already. Or Ops service provider is doing something dumb. (MFA requests shouldn’t be sent out without the other factor being known.)

        Edit: There’s no approve link there. Just ignore these. If you got a lot of these, do setup MFA.