Page 108 - Cyber Defense eMagazine Annual RSA Edition for 2024
Avoiding Prompt Bombing Scams with Phishing-Resistant MFA
Authentication threat targets Apple users with repetitive password reset notifications.
By Bojan Simic, Co-founder, CEO and CTO at HYPR
Recently, we learned about an aggressive phishing attack targeting Apple users, employing MFA prompt
bombing to exploit a suspected vulnerability in Apple's password reset feature. This method isn’t novel,
as it’s been previously blamed for attacks on Uber, Cisco and others.
How does this happen? MFA prompt attacks rely on the human phenomenon of MFA fatigue. People
typically log into many applications, systems, and services each day using multiple authentication
methods. Many MFA providers grant access by accepting a phone app push notification or receiving a
phone call and pressing a key as a second factor. For example, Uber used push notifications through an
authenticator app. An attacker can usually issue multiple push notifications or keep calling until their
request is finally accepted. Add in some socially engineered interactions, and it's inevitable that some
users will approve a non-legitimate login request.
In this situation, the user experienced MFA prompt bombing, an approach attackers use to overload users
with notifications. It relies on the repeated pressure of these notifications to wear down a person's
patience until they finally click "Allow" and unwittingly provide the attacker with the authentication code
needed to access the user's account.
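The two paragraphs above describe the mechanics from the victim's side: a burst of push prompts, several denials, and eventually an approval. The same pattern is visible from the defender's side in authentication logs. The following is an added example, not code from the article or from HYPR, that runs two simple detections over a constructed log: a burst of push challenges for one user inside a short window, and an approval that follows repeated denials. The log format and the event names (`push_sent`, `push_denied`, `push_approved`) are assumptions for the example, not any vendor's real schema.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log: "<ISO timestamp> <user> <event>". Not from any real system.
# bob: one prompt, approved. alice: six prompts in under three minutes, three
# denials, then an approval on the sixth prompt (the prompt-bombing pattern).
SAMPLE_LOG = """\
2024-03-27T09:00:05Z bob push_sent
2024-03-27T09:00:12Z bob push_approved
2024-03-27T09:01:00Z alice push_sent
2024-03-27T09:01:10Z alice push_denied
2024-03-27T09:01:30Z alice push_sent
2024-03-27T09:01:40Z alice push_denied
2024-03-27T09:02:00Z alice push_sent
2024-03-27T09:02:15Z alice push_denied
2024-03-27T09:02:30Z alice push_sent
2024-03-27T09:03:00Z alice push_sent
2024-03-27T09:03:30Z alice push_sent
2024-03-27T09:03:45Z alice push_approved
"""

WINDOW = timedelta(minutes=10)   # assumed tuning values for the example
PROMPT_THRESHOLD = 5             # pushes per user per window before alerting
DENIAL_THRESHOLD = 2             # denials before an approval is suspicious


def parse_line(line):
    """Split one log line into (timestamp, user, event)."""
    ts, user, event = line.split()
    return datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"), user, event


def detect_prompt_bombing(log_text, window=WINDOW,
                          prompt_threshold=PROMPT_THRESHOLD,
                          denial_threshold=DENIAL_THRESHOLD):
    """Return a list of (user, timestamp, reason) alerts.

    Two signals are checked per user:
      1. prompt_threshold push challenges issued within `window`
         (fires once, when the count first reaches the threshold);
      2. an approval that arrives after denial_threshold or more
         consecutive denials, i.e. the victim eventually gave in.
    """
    recent = defaultdict(deque)  # user -> timestamps of push_sent still inside window
    denials = defaultdict(int)   # user -> denials since the last approval
    alerts = []

    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, user, event = parse_line(line)

        if event == "push_sent":
            q = recent[user]
            q.append(ts)
            # Drop prompts that have aged out of the sliding window.
            while q and ts - q[0] > window:
                q.popleft()
            if len(q) == prompt_threshold:
                alerts.append((user, ts,
                               f"{prompt_threshold} MFA pushes within {window}"))

        elif event == "push_denied":
            denials[user] += 1

        elif event == "push_approved":
            if denials[user] >= denial_threshold:
                alerts.append((user, ts,
                               f"approval after {denials[user]} denials"))
            denials[user] = 0  # an approval resets the denial streak

    return alerts


if __name__ == "__main__":
    for user, ts, reason in detect_prompt_bombing(SAMPLE_LOG):
        print(f"{ts.isoformat()} {user}: {reason}")
```

On the constructed log this yields two alerts, both for alice: one when her fifth push is issued at 09:03:00, and one when she approves at 09:03:45 after three denials. The second signal is the more useful one in practice, because an approval preceded by a run of denials is exactly the "wear them down" outcome the article describes, and it is a natural trigger for forcing re-authentication and reviewing the session. Thresholds are deliberately parameters: what counts as a burst depends on how many prompts a legitimate user in your environment generates in a day.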