Welcome to ITS! Learn more about our strategic partnership with Digital Seattle!

JP Chua

By: JP Chua on April 8th, 2024

Print/Save as PDF

Beware of MFA Prompt Bombing! [Video]


Have you experienced multiple Multi-Factor Authentication prompt approvals in multiple succession? Pause and don’t hit approve unless you're the one who is logging. I’m here to warn you that if you’ve experienced something similar to what I mentioned, someone is likely trying to access your account.

There has been a rise in these sorts of attacks and unfortunately, it’s becoming more common.  

This attack is called Multi-Factor Authentication prompt bombing. It is when a hacker gets a password for your account and will repeatedly send multiple authentication requests to your phone, with the hope that you’d get notification fatigue and accidentally approve it. That will give them access to your entire account, which could potentially put your entire business at risk. 

There are three steps to avoid becoming a victim of an Multi-Factor Authentication prompt bombing attack. They are: 

  1. Never approve uninitiated Multi-Factor Authentication prompts. Unless you’re physically logging into your account, you should assume that any unexpected authentication requests you receive is someone attempting to gain access to your account.
  2. Immediately report the incident to your IT department or Managed Service Provider. The sooner they know, the faster they can secure your account and protect your data.
  3. Lastly, spread the word to your entire team. Share this video with the rest of your team. It’s vital that everyone, from the CEO down, knows about these kinds of threats. Doing so could help prevent a successful attack.

Now that you know what Multi-Factor Authentication prompt bombing is, you can be sure to avoid becoming a victim. Learn more about other ways you can protect your business’ IT by watching our other videos. 

Here at ITS, we help small and medium-sized business make the most of their technology and ensure its safety. If you want to partner with us, be sure to schedule a meeting today. 

What Businesses Need to Know About Managed Cybersecurity Services