I always get those pretending to be Coinbase or Google.
Do not even respond Y/N on these, it's always the hook for whatever comes next. Just block and move on.
Last week I had more than a dozen attempts to access my Microsoft using Authenticator login. I ended up disabling that as an option completely.
These tech companies want us to move on to 'passwordless' login, but then they don't have adequate protection tools on their end. If I say no twice, they should flag the IP, check for patterns attempting access across the rest of their userbase, and work with VPS providers and local law enforcement to block abusive users. If they're not doing that, why am I trusting them with 'passwordless' logins?
RE: Analysis of a Scam