Rising Threat - MFA Fatigue aka MFA Spam
A quickly rising attacker technique is being dubbed “MFA Fatigue”, aka “MFA Spam”.
The technique works like this: the attacker repeatedly attempts to log in with stolen credentials, even though they are blocked by MFA, in the hope that the victim will eventually get confused by or tired of the MFA prompts and hit approve on one. The attacker might even try to contact the victim, perhaps posing as someone “from IT”, to tell them they need to approve the MFA prompts they’re getting.
You should feel comfortable denying any MFA prompt that you aren’t 100% certain is coming up in response to your own login attempt. There are practically no scenarios where harm would be done by accidentally denying a legitimate MFA prompt, but accidentally approving an MFA prompt for an attacker’s login attempt will almost certainly have dire consequences.
Additionally, if you are receiving repeated unsolicited MFA prompts, you should change your password, and you should contact your IT support using known and approved contact methods. If you’re receiving repeated unsolicited prompts, it could be that an attacker has your password and is attempting this technique of MFA Fatigue. Your IT support should investigate what’s causing the prompts and assist you with any other necessary steps to help keep your account secure.
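For the IT support side of the investigation described above, the following is an added example (not part of the original post) of how repeated unsolicited prompts can be spotted in MFA logs: it flags any user who receives several denied or timed-out push prompts within a short window, and escalates when an approval arrives during that burst. The event layout, result names, threshold and window are assumptions, and the sample events are constructed.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample events: (ISO timestamp, user, MFA push result).
# The field layout and result names are assumptions, not a real product's log schema.
SAMPLE_EVENTS = [
    ("2024-01-10T02:00:05", "alice", "denied"),
    ("2024-01-10T02:00:40", "alice", "timeout"),
    ("2024-01-10T02:01:10", "alice", "denied"),
    ("2024-01-10T02:01:55", "alice", "timeout"),
    ("2024-01-10T02:02:30", "alice", "approved"),
    ("2024-01-10T09:00:00", "bob", "approved"),
    ("2024-01-10T09:30:00", "bob", "timeout"),
    ("2024-01-10T13:00:00", "bob", "approved"),
    ("2024-01-10T03:00:00", "carol", "denied"),
    ("2024-01-10T03:01:00", "carol", "denied"),
    ("2024-01-10T03:02:00", "carol", "timeout"),
]

def detect_mfa_fatigue(events, threshold=3, window=timedelta(minutes=10)):
    """Return alerts for users who got `threshold` or more denied/timed-out
    push prompts inside `window`. An approval that lands while the burst is
    still in the window is reported as severity "critical"."""
    recent = defaultdict(deque)   # user -> timestamps of recent failed prompts
    alerts = {}                   # user -> alert dict (a warning can be raised to critical)
    for ts_str, user, result in sorted(events):
        ts = datetime.fromisoformat(ts_str)
        q = recent[user]
        while q and ts - q[0] > window:   # drop prompts outside the window
            q.popleft()
        if result in ("denied", "timeout"):
            q.append(ts)
            if len(q) >= threshold and user not in alerts:
                alerts[user] = {"user": user, "severity": "warning",
                                "failed_prompts": len(q), "at": ts_str}
        elif result == "approved":
            if len(q) >= threshold:
                alerts[user] = {"user": user, "severity": "critical",
                                "failed_prompts": len(q), "at": ts_str}
            q.clear()   # an approval ends the current burst count
    return sorted(alerts.values(), key=lambda a: a["user"])

if __name__ == "__main__":
    for alert in detect_mfa_fatigue(SAMPLE_EVENTS):
        print(alert)
```

A "critical" alert means a prompt was approved right after a run of rejected or ignored ones, which is the case where the account's sessions and password should be treated as compromised until checked with the user.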