Multifactor Authentication Prompt Bombing: What Is It and How Do You Protect Yourself?

Ever get a notification on your phone that you either accidentally or quickly accepted without thinking? It happens to the best of us.

If you’ve implemented multifactor authentication (MFA) on most or all of your accounts, that’s the first step toward securing your personal information, as your account is 99.9% less likely to be compromised if you use MFA. However, bad actors will try to trick you into accepting an MFA request through a process known as multifactor authentication prompt bombing.

What is MFA Prompt Bombing?

MFA prompt bombing is a social engineering tactic in which attackers obtain account credentials and send authentication requests to users, hoping they will accept them and grant access to the account or system.

In other words, if a hacker has your username and password for an account and you have MFA enabled, they won’t be able to get in without a second factor, such as a temporary code or a push notification sent to your phone. When they attempt to log in, you’ll get the request; all it takes is for you to accept that one request, and your account is compromised.

The idea is to get you to accept the request without thinking, since the average smartphone user gets multiple notifications a day, ranging from text messages and meeting notifications to news, weather and sports alerts.

Bad actors also know sending them at night gives them the best opportunity to compromise your account since you’ll be tired and more likely to accept a request without thinking about it.

How Do You Protect Yourself Against MFA Prompt Bombing?

The most important thing you should know regarding MFA prompts is to never accept one you didn’t initiate. You will generally get an MFA request as soon as you attempt to log in. Any other request should be heavily scrutinized.

If you do get an MFA request you didn’t initiate, deny/ignore it. Log in to your account yourself and change your password immediately. If you use the same password for multiple accounts — which we’d strongly advise you not to — immediately change those passwords, as well.

Implementing MFA is the best way to increase the security of your accounts, but you need to be wary of MFA prompts you didn’t initiate. Accepting one malicious prompt could result in expensive and severe consequences for you and your organization. Take the extra couple of seconds to think about what is being asked of you to ensure your accounts stay secure.

What Should You Do if You Approve a Malicious Prompt?

If you do accept a malicious prompt, don’t panic, but it is important to take immediate action.

  1. Notify your IT department: Alert your IT staff or managed service provider about the incident. They will be able to assess the damage and take the appropriate measures to secure your account and prevent further attacks.
  2. Sign out everywhere: Many applications have an option to sign out of all devices. This will kick out an attacker logged in to your account, hopefully preventing them from doing any harm to you or your organization.
  3. Change your password: Once you know the attacker is out of your house, it’s time to change the locks. Use a strong, unique password you haven’t used before.
  4. Check for suspicious activity: Ensure there isn’t any suspicious activity, such as changes to your account information or unauthorized purchases. If you see anything unusual, alert your IT staff or MSP.
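For IT staff reviewing an incident like this, the pattern described earlier (a run of push prompts the user did not initiate, sometimes ending in one approval, often at night) can be flagged from MFA logs. The following is an added example, not part of the original post: the event format, the `find_prompt_bombing` function, the thresholds, the 22:00 to 06:00 off-hours window and the sample log lines are all constructed assumptions rather than any product's real schema.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample MFA push log: (timestamp, user, result). Not from a real product.
SAMPLE_EVENTS = [
    ("2024-03-02T02:11:05", "alice", "denied"),
    ("2024-03-02T02:11:40", "alice", "timeout"),
    ("2024-03-02T02:12:10", "alice", "denied"),
    ("2024-03-02T02:13:02", "alice", "timeout"),
    ("2024-03-02T02:13:30", "alice", "approved"),  # approval after a run of rejects
    ("2024-03-02T09:00:12", "bob", "approved"),    # ordinary single login
    ("2024-03-02T09:05:00", "carol", "timeout"),
    ("2024-03-02T09:05:45", "carol", "approved"),  # one missed prompt, then a retry
    ("2024-03-02T23:50:00", "dave", "denied"),
    ("2024-03-02T23:50:30", "dave", "denied"),
    ("2024-03-02T23:51:10", "dave", "denied"),
    ("2024-03-02T23:51:50", "dave", "timeout"),    # burst that was never approved
]
REJECTS = {"denied", "timeout"}

def find_prompt_bombing(events, max_gap=timedelta(minutes=2), min_prompts=4):
    """Group each user's prompts into bursts (consecutive prompts at most
    max_gap apart) and report every burst of min_prompts or more."""
    by_user = defaultdict(list)
    for ts, user, result in events:
        by_user[user].append((datetime.fromisoformat(ts), result))
    findings = []
    for user, rows in by_user.items():
        rows.sort()
        burst = []
        for row in rows + [None]:  # trailing None flushes the last burst
            if row is not None and (not burst or row[0] - burst[-1][0] <= max_gap):
                burst.append(row)
                continue
            if len(burst) >= min_prompts:
                results = [r for _, r in burst]
                findings.append({
                    "user": user,
                    "start": burst[0][0].isoformat(),
                    "prompts": len(burst),
                    # True means a session may exist: sign out everywhere, reset password
                    "approved_after_rejects": any(
                        r == "approved" and bool(REJECTS & set(results[:i]))
                        for i, r in enumerate(results)),
                    # Assumed off-hours window (22:00 to 06:00), tune per organization
                    "night": burst[0][0].hour >= 22 or burst[0][0].hour < 6,
                })
            burst = [row] if row is not None else []
    return findings
```

A finding with `approved_after_rejects` set corresponds to the "approved a malicious prompt" case above and warrants the sign-out and password-change steps; a burst without an approval still means the password is known to someone else.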

West Michigan Managed Service Provider

Need help finding the right MFA solution to protect your network and data? Contact us here to see how we can help keep your business running smoothly while increasing productivity, security and profitability.
