Protect your business from MFA Fatigue Scams

Multi-factor authentication (MFA) is a crucial tool for securing your online accounts by utilising an extra verification step for users to protect your accounts further. However, even with MFA enabled, your information isn’t always safe from cybercriminals; a new tactic is MFA fatigue.

This involves sending repeated login prompts in the hopes you will eventually approve one by mistake, granting unauthorised access to your accounts for cybercriminals.

How do they work?

1. Fake Support Text Messages: Cybercriminals bombard you with MFA prompts by attempting to log into your account multiple times. Then, they send a text pretending to be from a support team, claiming they’ve noticed unusual activity. They might instruct you to approve the “verify your identity” prompt. Approving it, however, gives them control over your account.
2. Verification by Phone Call: They request a phone call MFA prompt to your registered number. If you answer and approve the call, they gain access.

How to protect yourself?

Never approve unrequested MFA prompts: If you receive an unexpected MFA prompt, do not approve it. For shared accounts, always confirm with other users before taking action.

Change your passwords: Upon receiving an unsolicited MFA prompt, immediately change your password for that account and any others using the same credentials.

Use unique, strong passwords: Having a strong, unique password for each account makes it difficult for attackers to access the MFA step.

‍

By staying vigilant and following these tips, you can significantly reduce the risk of falling victim to MFA fatigue scams. Always be cautious and prioritise the security of your online accounts.