"4 Ways Hackers use Social Engineering to Bypass MFA"

Multi-factor authentication (MFA) has been the recommended way to strengthen password access for users. But hackers are finding ways around MFA as well using social engineering. Here are a couple of popular methods used. One method is an Adversary-in-the-Middle (AITM) attack. In this hack, the users are tricked into thinking that they are logging into a real network, website, or app. The hackers then can capture passwords and use them to manipulate the requests for the MFA, which the victim unwittingly approves, granting the attacker access. MFA prompt bombing uses the push notification feature in authentication apps. Once they’ve gotten a password, hackers use it to log in, generating a MFA request. They count on the users either accepting the request or getting overwhelmed with multiple requests so they just accept one to get them to stop.

THN reports "4 Ways Hackers use Social Engineering to Bypass MFA"

Submitted by ebuckh

Submitted by Gregory Rigby on