+1 (877) 634-6847
Customer Support
Security Awareness Training Email

MFA Push Notification Exploitation

Explain MFA push fatigue attacks, how repeated prompts pressure users into approval, and what steps prevent accidental account compromise.

Browse All Training Emails
PhishingBox Logo
Banner

What You'll Learn Today:

MFA Push Notification Exploitation

Routine & Fatigue: An IT administrator's worst nightmares

Multi-Factor Authentication Pitfall

Scenario 1:

  • Your account credentials are obtained by a hacker who attempts to log in and pushes the MFA to your mobile device.
  • Out of habit, you hit allow the session.
  • Your account is now compromised.

Scenario 2:

  • Your account credentials are obtained by a hacker who attempts to log in and pushes notification after notification to your mobile device.
  • You do not allow access but fail to realize your account credentials are no longer safe.
  • The hacker contacts you via email, text, and phone call claiming to be from your IT department or security provider in an effort to persuade you to authorize the push notification.
  • You either fall for the trick or break down by accident from the sheer volume of sends and mistakenly hit allow.

Don't let routine or fatigue catch you off guard. If you receive a fraudulent push notification you didn't initiate, tell your IT department immediately and change your password.

Copyright © PhishingBox