Multi-factor authentication (MFA) helps protect your online accounts by making you approve login attempts. However, enabling MFA doesn\u2019t guarantee that your information is safe. If cybercriminals get your login credentials, they can use a tactic called MFA fatigue to try to access your account. In MFA fatigue scams, cybercriminals try to overwhelm you with prompts via email, text message, or phone call so you approve their login attempt.<\/p>\n\n\n\n
Fake Support Text Messages<\/strong><\/p>\n\n\n\n To set up this scam, cybercriminals trigger repeated MFA prompts by attempting to log in to your account multiple times. Then, they text you and claim to be a support team representative who has noticed the unusual behavior. To verify your identity and protect your account, the representative says that you need to approve the prompt. However, if you approve the prompt, the cybercriminals will be able to access your account.<\/p>\n\n\n\n Verification by Phone Call<\/strong><\/p>\n\n\n\n In another MFA fatigue scam, cybercriminals wait until it\u2019s late at night when you\u2019re likely asleep and unprepared. Then, they attempt to log in to your account using your credentials. If they\u2019re successful, they\u2019ll request a phone call MFA prompt to the phone number you use for MFA. If you answer the phone call and press the button to verify your identity, you\u2019ll grant the cybercriminals access to your account.<\/p>\n\n\n\n What Can I Do to Stay Safe?<\/strong><\/p>\n\n\n\n Follow the tips below to stay safe from MFA fatigue scams:<\/p>\n\n\n\n Remember… Stop, Look, and Think. Don’t be fooled.<\/p>\n\n\n\n\n