Alert
Recently, cyber threat actors are attempting to get around multifactor authentication (MFA) by using a technique known as MFA bombardment or MFA abuse. In this attack, the threat actor uses stolen credentials (gained from a phishing attack or purchased illicitly online) and then spams a user with MFA push notifications (prompts sent to a mobile phone where a user only has to press a button to grant access) to get the user to accept just one of the requests.