Multifactor Authentication (MFA) is an excellent way to protect your accounts. It is a second form of protection beyond your account password, causing you to verify your identity before your account will log in. You can learn more about ‘What is MFA?’ in a previous PC Corp blog.
While the various MFA methods do provide extra protection, attackers continuously look for new ways to compromise security-enhancing practices. With MFA Fatigue, attackers who already have your account username and password, attempt to bypass your added MFA account protection by sending repeated account approval push notifications to your phone. These notifications overwhelm your phone in hopes that you approve one of them because you,
This technique to bypass MFA protections was recently seen targeting Microsoft Office365 users.
There is an excellent video of an MFA Fatigue attack demonstration in the GoSecure article here: https://www.gosecure.net/blog/2022/02/14/current-mfa-fatigue-attack-campaign-targeting-microsoft-office-365-users/
There are ways to mitigate against attacks of this nature noted in the above article link, such as:
Ultimately, you are the last defense against attacks on your accounts. It is your awareness of security threats and adherence to safe cyber practices that will help to protect your accounts and data.