Diego

Not today, Satan, I did not reply YES

Rubber-hose style illustration of a confused tech professional holding a smartphone that asks “Reply YES?”, surrounded by magenta scam imagery, a mischievous devil with a phone, and warning icons, highlighting modern social-engineering scams and the importance of security awareness.

Today I almost got socially engineered. Not by a bad robocall. Not by something obviously fake. By something that sounded polished, urgent, and just believable enough to work on the wrong day.

I got a call from someone claiming to be T-Mobile. They told me a new user had been added to my account and two iPhones were about to be purchased under my name. That sentence is designed to short-circuit your brain. Fraud plus urgency is a powerful combo.

They said they needed to verify my account and that they would send me a one-time password.

Seconds later, a text arrived.

“T-Mobile: Resetting your password? For your security, reply YES to continue or NO to cancel.”

That was the moment everything clicked.

That text was not part of a fraud investigation. That text is what happens when someone initiates a password reset. The caller triggered it and wanted me to approve it. No hacking. No exploits. Just psychology.

When I didn’t respond, the story got thicker. I was given a full name. Elizabeth Edwards. A Gmail address. A physical mailing address. Even a fraud case number. This is classic social engineering. Overwhelm the target with details so it feels official enough to trust.

None of it was real.

Here is the rule that applies everywhere, not just phones.

No legitimate company will ever call you and ask you to approve a security action by replying to a text or reading them a code. That code is for you. The second you give it to someone else, you have already lost.

If this feels familiar, it should. This is the same pattern we see in Microsoft 365 every single day. MFA fatigue attacks. Fake SharePoint file alerts. Teams messages that trigger real consent prompts. Different logo, same scam. Trigger a real system message. Convince the user to approve it. Walk in through the front door.

If this happens to you, hang up. Do not reply to the text. Do not argue. Call back using a number you trust. For T-Mobile that means 611 or their official support line. Take control back on your terms.

Now, is this post directly Microsoft 365 related? No.

Is it absolutely about security awareness, user behavior, and the same human weaknesses that get tenants breached every day? One hundred percent yes.

Security does not fail because the tech is broken. It fails because someone is rushed, scared, or overwhelmed at the wrong moment. That someone can be anyone. Including people who do this stuff for a living.

I am going to share stories like this from time to time because awareness beats policy documents every single day. If reading this makes you pause the next time your phone rings or a prompt pops up, it did its job.

And when that happens to you: hang up. Read the text. Call back on a number you trust.

As for you, fraudster: not today. I read the documentation. You triggered the wrong prompt.

Unknown's avatar

Published by Diego

I am a Microsoft 365 architect and newly minted MVP with a passion for turning technology into something people actually love to use. With more than 20 years in web development, IT administration, and systems integration and 16+ years dedicated to SharePoint, Teams, the Power Platform, and Copilot, I specialize in modernizing legacy solutions, streamlining development processes, and building governance frameworks that are practical, sustainable, and human centered. In recent years I have been deeply focused on Copilot readiness and adoption, helping organizations move beyond "just keeping the lights on" to unlocking creativity, collaboration, and entirely new ways of working. Outside of work, I am a Certified Scrum Master, global speaker, community builder, and blogger at UnsuckM365, where I share no fluff stories from the field. I am also a bedroom DJ who believes music and technology share the same rhythm: both connect people, tell stories, and inspire new ways of thinking.

Leave a comment