Prevent automatic Approval/Decline due to email security scanner link clicks



      Similar to https://jira.atlassian.com/browse/JSDCLOUD-14987 

      We observed an issue where email security scanners, used by some customers, automatically click on links in emails to detect potential threats.

      As a result, the Approve/Decline links in the "Approval required" customer notification emails are triggered without any human interaction, causing requests to be approved or declined unintentionally when the Security Settings are set to "Approvers can use 'Approve' and 'Decline' buttons without being signed in".

      To mitigate this, we propose introducing friction in the approval/decline flow. This could include one or more of the following measures:

      • Adding a confirmation page before completing the approval/decline action.
      • Using CAPTCHA or similar verification to ensure human interaction.
      • Including an explicit "Approval/Decline" button after the initial link click.

      The goal is to ensure that approval/decline actions are intentional and performed only by actual users, preventing accidental approvals or declines in the workflows.
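The confirmation step proposed above, as an added example that is not Jira Service Management's code: a simulated approval-link handler in its current form (a GET on the emailed link performs the action) beside a hardened form that only renders a confirmation page on GET and changes state on an explicit, token-bearing POST, both run against a model of a link-following email scanner. The URL shape, token scheme, class names and the request key "SD-1" are assumptions.

```python
import secrets


class ApprovalService:
    """Request state plus the one-time tokens embedded in email links."""

    def __init__(self):
        self.requests = {}  # request key -> "pending" | "approved" | "declined"
        self.tokens = {}    # token -> (request key, action)

    def email_link(self, key, action):
        """Path placed in the notification email (assumed URL shape)."""
        self.requests.setdefault(key, "pending")
        token = secrets.token_urlsafe(16)
        self.tokens[token] = (key, action)
        return f"/approval/{action}?token={token}"

    def handle_unsafe(self, method, token, confirmed=False):
        """Behaviour described in the issue: any GET on the link performs the
        action, so a scanner's fetch is indistinguishable from a human click."""
        key, action = self.tokens[token]  # method/confirmed are ignored here
        self.requests[key] = action + "d"  # approve -> approved, decline -> declined
        return self.requests[key]

    def handle_safe(self, method, token, confirmed=False):
        """Proposed behaviour: GET only renders a confirmation page; state changes
        only on a POST carrying the token and an explicit confirm field."""
        if method != "POST" or not confirmed:
            return "confirmation page shown"  # request unchanged
        key, action = self.tokens.pop(token)  # single use; reuse raises KeyError
        self.requests[key] = action + "d"
        return self.requests[key]


def scanner_visits(handler, link):
    """Model of an email security scanner: it GETs every link in the mail and
    never submits forms, so it only ever reaches the GET branch."""
    return handler("GET", link.split("token=", 1)[1])


def demo():
    """Scanner against both handlers, then a human approver against the safe
    one; returns the three resulting states ('SD-1' is a constructed key)."""
    unsafe = ApprovalService()
    scanner_visits(unsafe.handle_unsafe, unsafe.email_link("SD-1", "approve"))
    safe = ApprovalService()
    link = safe.email_link("SD-1", "approve")
    scanner_visits(safe.handle_safe, link)
    after_scanner = safe.requests["SD-1"]
    safe.handle_safe("POST", link.split("token=", 1)[1], confirmed=True)
    return unsafe.requests["SD-1"], after_scanner, safe.requests["SD-1"]
```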

      Workaround

      Change the Security Settings of the Approval required customer notification to either "Approvers must be signed in to use 'Approve' and 'Decline' buttons" or "Don't show 'Approve' and 'Decline' buttons - approvers must select 'View request', sign in, and approve or decline from the request view". 

            Assignee: Unassigned
            Reporter: Daniel Ocando Espinoza (Inactive)
            Votes: 4
            Watchers: 9