2024-03-04

SECURITY HINTS & TIPS:

MFA Fatigue Scams

Multi-factor authentication (MFA) helps protect your online accounts by making you approve login attempts. However, enabling MFA doesn’t guarantee that your information is safe. If cybercriminals get your login credentials, they can use a tactic called MFA fatigue to try to access your account. In MFA fatigue scams, cybercriminals try to overwhelm you with prompts via email, text message, or phone call so you approve their login attempt.

Fake Support Text Messages
To set up this scam, cybercriminals trigger repeated MFA prompts by attempting to log in to your account multiple times. Then, they text you and claim to be a support team representative who has noticed the unusual behaviour. To verify your identity and protect your account, the representative says that you need to approve the prompt. However, if you approve the prompt, the cybercriminals will be able to access your account.

Verification by Phone Call
In another MFA fatigue scam, cybercriminals wait until it’s late at night when you’re likely asleep and unprepared. Then, they attempt to log in to your account using your credentials. If the credentials are accepted, they’ll request a phone call MFA prompt to the phone number you use for MFA. If you answer the phone call and press the button to verify your identity, you’ll grant the cybercriminals access to your account.

What Can I Do to Stay Safe?
Follow the tips below to stay safe from MFA fatigue scams:

  • Never approve an MFA prompt you didn’t request. If you have a shared account, verify the MFA prompt with the other account holder before taking action.
  • If you receive an MFA prompt you didn’t request, immediately change your password for the associated account. You should also consider updating passwords for accounts that use the same credentials.
  • Create unique, strong passwords for each of your accounts. Without your password, it’s difficult for cybercriminals to reach the MFA step of the login process.

Manitoulin Group of Companies Security Team
Cybersecurity@manitoulingroup.com

Stop, Look, and Think. Don’t be fooled.