Fake Two-Factor Authentication Scams
Tricks and 'MFA fatigue' attacks designed to capture your second authentication factor or get you to approve it.
Last reviewed: 1 June 2026
What this scam is
Fake 2FA scams target your second authentication factor — by phishing one-time codes, spamming approval prompts ('MFA fatigue'), or impersonating support to get you to approve or share a code.
How it works
After stealing your password, attackers need your second factor. They phish the code, or repeatedly trigger push approvals hoping you tap 'approve' to stop the noise, or call pretending to be support and ask you to confirm a prompt.
Common red flags
- Repeated unexpected approval prompts
- Calls asking you to approve a prompt or share a code
- Pressure to 'just approve to make it stop'
- Codes requested on a suspicious page
Sanitized example messages
Illustrative, sanitized examples. Personal details are replaced with placeholders such as [phone number] and [fake link].
This is IT support — we're testing your account, please approve the login prompt on your phone.
Payment methods used
- Account takeover
- Financial theft
Who is usually targeted
- Anyone using 2FA
- Employees
- High-value account holders
What to do immediately
- Never approve a prompt you didn't initiate; deny it
- Change your password immediately (the attacker likely has it)
- Switch to app-based or hardware 2FA; review account activity
Evidence to preserve
- Prompt timestamps
- Caller/sender details
- Account activity logs
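The prompt timestamps and account activity logs listed above are what a reviewer uses to confirm an MFA-fatigue burst. The following is an added example, not part of the original page: it flags a run of denied or timed-out push prompts and any approval that ends such a run. The log format, the user names, the 10-minute window and the threshold of three are assumptions for illustration.

```python
from datetime import datetime, timedelta

# Constructed sample log, hypothetical format: "timestamp user event result".
SAMPLE_LOG = """\
2026-05-30T02:14:05 alice push_prompt denied
2026-05-30T02:14:40 alice push_prompt timeout
2026-05-30T02:15:10 alice push_prompt denied
2026-05-30T02:15:55 alice push_prompt denied
2026-05-30T02:16:30 alice push_prompt approved
2026-05-30T09:01:12 bob push_prompt approved
2026-05-30T13:20:00 carol push_prompt denied
2026-05-30T13:20:45 carol push_prompt denied
2026-05-30T13:21:30 carol push_prompt denied
"""
WINDOW = timedelta(minutes=10)   # assumed look-back window
THRESHOLD = 3                    # assumed: unapproved prompts that make a burst


def parse(log_text):
    """Return (timestamp, user, result) for each push_prompt line, in time order."""
    rows = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4 or parts[2] != "push_prompt":
            continue  # skip blank or unrelated lines
        rows.append((datetime.fromisoformat(parts[0]), parts[1], parts[3]))
    return sorted(rows)


def find_fatigue(log_text, window=WINDOW, threshold=THRESHOLD):
    """Return bursts of unapproved prompts and approvals that end a burst."""
    recent, findings = {}, []    # recent: user -> unapproved prompt timestamps
    for ts, user, result in parse(log_text):
        misses = [t for t in recent.get(user, []) if ts - t <= window]
        if result == "approved":
            if len(misses) >= threshold:
                findings.append((user, ts.isoformat(), "approved_after_burst"))
            misses = []          # an approval ends the current burst
        else:
            misses.append(ts)
            if len(misses) == threshold:
                findings.append((user, ts.isoformat(), "prompt_burst"))
        recent[user] = misses
    return findings


if __name__ == "__main__":
    for finding in find_fatigue(SAMPLE_LOG):
        print(*finding)
```

An "approved_after_burst" finding is the case that matters most: the account was likely accessed, so the password change and activity review described under "What to do immediately" apply.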
Where to report it
- Action Fraud (UK) — UK national fraud & cybercrime reporting centre
- FTC ReportFraud (US) — US Federal Trade Commission fraud reports
- FBI IC3 (US) — US Internet Crime Complaint Center
- Scamwatch (Australia) — Australian competition & consumer reporting
- Your bank's fraud line — Use the number on the back of your card or in your banking app — never a number the caller gives you
Always verify reporting routes and emergency contacts on the official government or agency website for your country.
Frequently asked questions
What is MFA fatigue?
It's when attackers spam you with login-approval prompts hoping you'll tap 'approve' out of annoyance. If you get prompts you didn't trigger, deny them and change your password — your credentials are likely compromised.