If cybercriminals obtain your login credentials, they can exploit a tactic known as MFA fatigue, where they bombard you with prompts through email, text, or phone calls in an attempt to pressure you into approving their unauthorized access.
Fake Support Text Messages
To execute this scam, cybercriminals repeatedly attempt to log into your account, generating multiple MFA prompts. They then send you a text message, pretending to be a support team representative who has detected unusual activity. Claiming that you need to verify your identity to secure your account, they pressure you to approve the prompt. If you do so, you inadvertently grant them access to your account.
Verification by Phone Call
In another variation of the MFA fatigue scam, cybercriminals target you late at night, when you’re likely asleep and unprepared. They attempt to log into your account using your credentials, and if the login succeeds, they request that the MFA prompt be delivered as a phone call to the number linked to your account. If you answer the call and press the button to verify your identity, you inadvertently give them access to your account.
What Can I Do to Stay Safe?
Follow the tips below to stay safe from MFA fatigue scams:
- Never approve an MFA prompt you didn’t request. If you have a shared account, verify the MFA prompt with the other account holder before taking action.
- If you receive an MFA prompt you didn’t request, immediately change your password for the associated account. You should also consider updating passwords for accounts that use the same credentials.
- Create unique, strong passwords for each of your accounts. Without your password, it’s difficult for cybercriminals to reach the MFA step of the login process.
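
For administrators who review sign-in logs, the pattern described above (a burst of ignored or rejected prompts followed by one approval, often late at night) can be flagged automatically. The following is an added example, not part of the original article; the event format, field values, threshold, window, and night hours are all assumptions, and the sample events are constructed.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

WINDOW = timedelta(minutes=10)  # assumed look-back window
THRESHOLD = 3                   # assumed: rejected/ignored prompts before an approval is suspicious
NIGHT_HOURS = range(0, 6)       # assumed "late at night" hours (local time)

# Constructed sample events: (timestamp, user, method, result)
SAMPLE_EVENTS = [
    ("2024-05-01T02:10:00", "alice", "push", "no_response"),
    ("2024-05-01T02:11:30", "alice", "push", "denied"),
    ("2024-05-01T02:12:10", "alice", "phone_call", "no_response"),
    ("2024-05-01T02:13:00", "alice", "phone_call", "approved"),
    ("2024-05-01T09:00:00", "bob", "push", "approved"),
    ("2024-05-01T09:30:00", "carol", "push", "denied"),
    ("2024-05-01T13:00:00", "carol", "push", "approved"),
]

def find_fatigue_approvals(events, window=WINDOW, threshold=THRESHOLD):
    """Return alerts for approvals that follow a burst of rejected or ignored prompts."""
    recent = defaultdict(deque)  # user -> timestamps of recent non-approved prompts
    alerts = []
    # ISO 8601 timestamps in one format sort chronologically as strings.
    for ts_text, user, method, result in sorted(events):
        ts = datetime.fromisoformat(ts_text)
        failures = recent[user]
        # Drop prompts that are older than the look-back window.
        while failures and ts - failures[0] > window:
            failures.popleft()
        if result == "approved":
            if len(failures) >= threshold:
                alerts.append({
                    "user": user,
                    "approved_at": ts_text,
                    "method": method,
                    "prior_prompts": len(failures),
                    "night": ts.hour in NIGHT_HOURS,
                })
            failures.clear()  # an approval ends the current burst
        else:
            failures.append(ts)
    return alerts

if __name__ == "__main__":
    for alert in find_fatigue_approvals(SAMPLE_EVENTS):
        print(alert)
```

An alert here means the approval should be treated as unverified until the account holder confirms it, with the password reset as described in the tips above.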