Arctic Wolf has recently observed customers receiving unsolicited Microsoft MFA (multi-factor authentication) text messages.

Arctic Wolf has recently observed customers receiving unsolicited Microsoft MFA (multi-factor authentication) text messages. These messages originate from legitimate Microsoft short code numbers; however, the source and intent have not been confirmed. This issue appears widespread, affecting organizations across multiple industry verticals.  

Example of Text Message

It is currently unclear whether this activity is due to a systemic issue on Microsoft’s side or part of a malicious campaign. At this time, Arctic Wolf has not identified any malicious activity or unauthorized access associated with these unexpected Microsoft MFA prompts. 

Recommendation 

Avoid Interacting With Unsolicited Microsoft MFA or other MFA Authentication Messages

Avoid interacting with any unsolicited MFA requests and report them to your security team. 

Resources

Understand the threat landscape, and how to better defend your organization, with the 2025 Arctic Wolf Threat Report

See how Arctic Wolf utilizes threat intelligence to harden your attack surface and stop threats earlier and faster