Multifactor authentication (MFA) is a valuable layer of protection that helps keep the bad guys out of your accounts. MFA bombing is a technique some bad guys use to get around MFA by annoying or confusing the victim into authenticating access they never requested.
The MFA methods that criminals get around with MFA bombing are those that rely on either a push notification or a phone call in which the victim presses a number on their keypad. The criminals trick their victims into allowing access by sending many prompts, often at times when the target is expected to be asleep. These attempts may be incessant over the span of a few hours or come a few times a night. All the attacker needs is for the target to mess up one time.
- Keep your guard up. If you didn’t request access to an account, do not even consider pressing the AUTHENTICATE button.
- Consider looking into a form of MFA that uses the FIDO2 framework, which is harder for the bad guys to get around.
- Remember: A company should never call you and ask you to send MFA credentials as a part of their process. Legit companies know the security risk this poses.
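For administrators, the prompt pattern described above (many unapproved prompts in a short span, then one approval) can be spotted in authentication logs. The sketch below is an added example, not part of the original post; the log format, result names, window and threshold are all assumptions, and the sample lines are constructed.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events in an assumed format: ISO timestamp, user, result.
SAMPLE_LOG = """\
2024-03-02T02:10:05 alice push_denied
2024-03-02T02:11:40 alice push_timeout
2024-03-02T02:13:02 alice push_timeout
2024-03-02T02:14:30 alice push_denied
2024-03-02T02:15:10 alice push_approved
2024-03-02T09:00:00 bob push_approved
2024-03-02T09:30:00 carol push_denied
2024-03-02T14:00:00 carol push_approved
"""

WINDOW = timedelta(minutes=30)  # assumed look-back window
THRESHOLD = 3                   # assumed number of unapproved prompts in a burst

def parse(log):
    for line in log.splitlines():
        if line.strip():
            ts, user, result = line.split()
            yield datetime.fromisoformat(ts), user, result

def detect_mfa_bombing(log, window=WINDOW, threshold=THRESHOLD):
    """Alert on bursts of unapproved prompts and on an approval that ends one."""
    recent = defaultdict(list)  # user -> times of unapproved prompts in window
    alerted = set()             # users with an open prompt_burst alert
    alerts = []
    for ts, user, result in sorted(parse(log)):
        prior = [t for t in recent[user] if ts - t <= window]
        if len(prior) < threshold:
            alerted.discard(user)  # earlier burst has aged out
        if result == "push_approved":
            if len(prior) >= threshold:
                alerts.append((user, ts, "approved_after_burst", len(prior)))
            prior = []
            alerted.discard(user)
        else:
            prior.append(ts)
            if len(prior) >= threshold and user not in alerted:
                alerts.append((user, ts, "prompt_burst", len(prior)))
                alerted.add(user)
        recent[user] = prior
    return alerts

if __name__ == "__main__":
    for alert in detect_mfa_bombing(SAMPLE_LOG):
        print(alert)
```

An `approved_after_burst` alert means a prompt was accepted right after a run of denied or ignored ones, so that session deserves immediate review.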
Want To Know More?
Learn about more kinds of MFA bombing from Ars Technica’s original post.
ABOUT FRONTLINE TECHNOLOGY LLC
Frontline Technology is one of the only ministry-focused IT companies that is led by pastors and ministry leaders. With over 20 years' experience serving organizations of all sizes, Frontline understands the unique needs, budgets, and technology challenges of nonprofits.
Technology is often perceived as complicated and expensive. Many nonprofits struggle to implement the technology solutions and security needed to drive their mission forward. Frontline Technology helps nonprofits overcome their technology challenges so they can stay focused on their mission.
For nonprofits of every type and size: We Keep IT Simple.