IT Services – Kansas City

Hackers Are Now Using Irritation to Circumvent MFA

In an irritating form of cyber-attack, hackers may spam your devices with multifactor authentication/two-factor authentication (MFA/2FA) prompts in order to annoy you into approving the login request. For those of you who don’t know, MFA and 2FA systems are a common way to secure your accounts. When you log in to an account, an MFA/2FA system sends a prompt to a different device so that you can verify your identity. You may have seen either of these in action when an application or website asked you to input a code that was texted to your phone, or when you received a notification to either accept or deny a login attempt. This technology was designed to act as a barrier between hackers and your accounts. Now, hackers are finding ways to circumvent this security measure and still gain access to your accounts.

Hackers are taking advantage of the prompts that authentication systems send to your devices. Since there is no limit on the number of prompts that can be sent in any period of time, hackers will spam your device with login prompts relentlessly. Their goal is to annoy the victim into accepting a login prompt so that the notifications will stop. You may have heard this type of attack called “MFA fatigue” due to its ongoing, annoying nature. This attack uses social engineering to trick the user into accepting a fraudulent login request. The technique is particularly effective late at night, when users want the notifications to stop so they can sleep, but it can be equally effective at a busy office where a person just wants to stop the constant interruptions. Never accept a login prompt that seemingly comes out of nowhere or that you did not trigger by trying to log in to your account yourself.

This attack can take a few different forms. Hackers might send a series of back-to-back requests, as mentioned above, or they may send just a few prompts a day. The second method is less obvious, yet often produces the same result. Additionally, hackers might use a mix of vishing, or voice phishing, and fraudulent MFA requests. With this approach, hackers might call their victim posing as an employee of a certain company, then ask the victim to accept a login prompt that they send. All of these attacks may be perpetrated using email, text, voice calls, or any other communication method through which you receive MFA or 2FA prompts.
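For administrators, the two prompt patterns described above (back-to-back requests and a few prompts a day) can be spotted in MFA logs. The following Python sketch is an added example, not part of the original post: the event layout, the user names, and the thresholds are all constructed assumptions, not any vendor's log schema.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Assumed thresholds; tune them to your own sign-in volume.
BURST_WINDOW, BURST_MIN = timedelta(minutes=10), 5
DRIP_WINDOW, DRIP_MIN_DAYS = timedelta(days=7), 3

# Constructed sample events: (timestamp, user, prompt result).
# The layout is hypothetical, not any vendor's log schema.
SAMPLE_EVENTS = [
    ("2024-05-01T02:00:05", "alice", "denied"),
    ("2024-05-01T02:01:10", "alice", "timeout"),
    ("2024-05-01T02:02:30", "alice", "denied"),
    ("2024-05-01T02:04:00", "alice", "timeout"),
    ("2024-05-01T02:05:45", "alice", "denied"),
    ("2024-05-01T02:06:20", "alice", "approved"),
    ("2024-05-01T09:15:00", "bob", "denied"),
    ("2024-05-02T14:40:00", "bob", "timeout"),
    ("2024-05-03T11:05:00", "bob", "denied"),
    ("2024-05-02T08:30:00", "carol", "timeout"),
    ("2024-05-02T08:30:40", "carol", "approved"),
]

def detect_mfa_fatigue(events):
    """Return {user: set of findings} for burst and slow-drip prompt patterns."""
    by_user = defaultdict(list)
    for ts, user, result in events:
        by_user[user].append((datetime.fromisoformat(ts), result))
    findings = defaultdict(set)
    for user, rows in by_user.items():
        rows.sort()
        rejected = []  # times of prompts the user denied or let expire
        for when, result in rows:
            recent = [t for t in rejected if when - t <= BURST_WINDOW]
            days = {t.date() for t in rejected if when - t <= DRIP_WINDOW}
            if result == "approved":
                # An approval right after a run of rejections is the risky case.
                if len(recent) >= BURST_MIN or len(days) >= DRIP_MIN_DAYS:
                    findings[user].add("approved_after_pressure")
                continue
            rejected.append(when)
            if len(recent) + 1 >= BURST_MIN:
                findings[user].add("burst")
            if len(days | {when.date()}) >= DRIP_MIN_DAYS:
                findings[user].add("slow_drip")
    return dict(findings)

if __name__ == "__main__":
    for user, found in sorted(detect_mfa_fatigue(SAMPLE_EVENTS).items()):
        print(user, sorted(found))
```

An "approved_after_pressure" finding is the one to act on first, since it means a prompt was accepted right after a run of rejected ones.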

This doesn’t mean that MFA and 2FA programs are not effective; generally, and when used correctly, they are quite effective at stopping unwanted access. However, even with them in place, it is important to watch out for potential security breaches and scams. If you experience one of the above methods of attack, do not accept the prompts. Accepting one gives the hacker permission to enter your account. Instead, contact a professional, like Blue Oak, who can give you guidance on what to do next!
