Cyber Alert: Beware MFA Scam on Microsoft Teams

McMaster IT Security is alerting the University community about potential Multi-Factor Authentication (MFA) scams on Microsoft Teams.  

Be cautious of cybercriminals disguising themselves as “Microsoft Identity Protection” and falsely posing as technical support to trick you into sharing your MFA code/number. 

Remember, McMaster University will never ask for your MFA code/number through Microsoft Teams or any other platform. If you receive such requests, do not respond and immediately report them to is-spam@mcmaster.ca. 

Here are some examples of how the scam messages might appear:   

McMaster will never ask for your Multifactor Authentication (MFA) code/number

(Screenshot of fraud Microsoft Teams chats requested from a Midnight Blizzard-controlled account Source: Microsoft.com)

“McMaster will never ask for your Multifactor Authentication (MFA) code/number.”

(Screenshot of fraud Microsoft Teams chats requested from a Midnight Blizzard-controlled account Source: Microsoft.com)

For more comprehensive information about this threat, visit the official Microsoft website: https://www.microsoft.com/en-us/security/blog/2023/08/02/midnight-blizzard-conducts-targeted-social-engineering-over-microsoft-teams/ 

Stay vigilant against fraudulent phishing scams and report any suspicious activity to McMaster IT Security. For more information and how to protect yourself against these types of scams, please also see The Importance of Protecting Yourself from Scams.    

To enhance your cybersecurity awareness, explore the following McMaster IT Security resources: 

• IT Security phishing resources 
• IT security tips for students 
• Cyber security tips for remote working 
• IT security resources