BEST OF THE WEB

Cybercriminals uses MFA prompt bombing to trick users

Cybercriminals are constantly finding new ways to bypass Multi-factor authentication (MFA), a security measure that requires users to provide two or more pieces of information to verify their identity when logging in to an account.

One of the most recent methods is called MFA prompt bombing which involves sending a user multiple MFA requests in a short period of time. This can overwhelm the user and make them more likely to approve a request that they would not normally approve.

For example, a cybercriminal might purchase stolen credentials for an Uber employee. They would then use these credentials to try to log into the employee’s account. If the account is protected by MFA, the cybercriminal would start sending the employee multiple MFA requests.

The employee might be so overwhelmed by the number of requests that they would approve one of them without thinking. This would give the cybercriminal access to the account.

MFA prompt bombing is a serious threat, but there are steps that organizations can take to protect their users. One important step is to limit the number of MFA requests that can be sent in a short period of time.

Organizations should also educate their users about MFA prompt bombing and how to avoid it. Users should be told to be suspicious of any unexpected MFA requests, and they should never approve a request if they are not sure who it is from.

Also, users should use risk-based authentication to identify and block suspicious login attempts. They should also implement a strong password policy that requires users to create unique and complex passwords.

Additionally, users are urged to use a password manager to help users manage their passwords securely.

The sources for this piece include an article in CPOMAGAZINE.

IT World Canada Staff
IT World Canada Staffhttp://www.itworldcanada.com/
The online resource for Canadian Information Technology professionals.

Would you recommend this article?

Share

Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication.


Jim Love, Chief Content Officer, IT World Canada

Featured Download

ITW in your inbox

Our experienced team of journalists and bloggers bring you engaging in-depth interviews, videos and content targeted to IT professionals and line-of-business executives.

More Best of The Web