MFA Prompt Bombing
The Latest Scams

MFA Prompt Bombing

Multi-factor authentication (MFA) provides an extra layer of security for your accounts, but it’s important to think before you click. Cybercriminals can use an attack method called MFA prompt bombing to get around MFA protections and overwhelm you with prompts via email, text message, or phone call.

For example, cybercriminals may attempt to log in to an account using your credentials. Then, they’ll request a phone call MFA verification, which is sent to the phone number you use for MFA. Cybercriminals will often request these verifications late at night when you’re asleep and unprepared. If you accept the phone call and press the button to verify your identity, you may grant the cybercriminals access to your account. Once the cybercriminals bypass your MFA, they can use your account to achieve their malicious goals.

Don’t let MFA give you a false sense of security. Follow the tips below to stay safe from MFA prompt bombing scams:

  • Never approve an MFA notification you didn’t request. If you have a shared account, verify the MFA request with the other account holder before taking action.
  • If you receive an MFA notification you didn’t request, immediately change your password for the associated account. You should also consider updating your passwords for any accounts that use the same credentials.
  • Create unique, strong passwords for each of your accounts. Without your password, it’s difficult for cybercriminals to reach the MFA step of the login process.

Stop, Look, and Think. Don’t be fooled.

Protect your network! Learn more about security awareness training for your team.

Like this article?

Share on Facebook
Share on Twitter
Share on Linkdin
Share on Pinterest

More Posts

MFA to Zero Trust Image
Cybersecurity

How to go from MFA to Zero Trust

Increased connectivity, coupled with the rise of remote and hybrid work, is prompting organizations to evolve their user access security and make strides toward a

Cybersecurity Training Image
Cybersecurity

Yearly Cyber Training Doesn’t Work

If you’re sticking to once-a-year sessions for your employees, it’s time to rethink your approach. Let’s face it, it’s likely dull and uninspiring. And if

Fact vs Myth Image
Cybersecurity

Debunking 5 Common Internet Myths

In the vast landscape of the internet, myths and misconceptions often abound, shaping our perceptions and influencing our online behaviors. At Citynet, we’re committed to

SuperPod with WiFi 6E

Plume SuperPod WiFi 6E Specs

SuperPod with WiFi 6

Plume SuperPod WiFi 6 Specs

SuperPod

Plume SuperPod Secs