Yes, if you did not make the request. this would be a red flag. But I'm guessing most reporting this did make the request and there were some safeguards in the initial request but do not remember the details.