X Sound CU App on Google Play Store Sound CU App on App Store
Sound Credit Union Mobile
Sound Credit Union
PLAY STORE
APP STORE
Sound CU App rating
VIEW VIEW

Don’t Get Caught in an MFA Bombing Scam

Financial adviceLife & Finances

A women cautiously checking their phone.
Fraudsters are always looking for ways to get around security, and a new social engineering strategy called MFA Bombing is on the rise. Learn more about this tactic and ways to protect yourself.

Don’t Get Caught in an MFA Bombing Scam

Multi-Factor Authentication (MFA) is one of the best ways to protect your accounts. It adds an extra step like entering a code sent to your phone after your password to make sure it’s really you logging in. But fraudsters are always looking for ways to get around security and scammers have found a way to turn this safety feature against you. A new tactic is on the rise called MFA Bombing (also known as MFA Fatigue or MFA Spamming) and here’s how it works:

  1. A scammer gets your login info—maybe from a phishing email, malware, or information found on the dark web.
  2. They try to log in.
  3. You get a flood of MFA requests through text, email, or an authentication app.
  4. They hope you’ll eventually hit “approve” to make the pop-ups stop.

And if you do, they’re in.

Why It Works for Scammers

Scammers rely on their targets being busy or distracted, or even thinking that there could just be a glitch. After enough notifications, it’s tempting to just clear them all out, especially if you don’t know what’s going on. The goal is to tire their target out and have them confirm their identity via MFA notification.

How to Protect Yourself

  • Only approve MFA requests you have initiated. If you weren’t logging in, deny the request.
  • Change your password right away if you get multiple requests you didn’t trigger.
  • Use an authenticator app instead of text messages if possible. It’s harder for scammers to exploit.
  • Let us know immediately if this happens to you. The sooner you report it, the faster we can help lock things down. Connect with us at your nearest branch, by phone, or by chatting with a Live Agent online.

The Bottom Line

MFA is still one of the best ways to protect your accounts, as long as you’re the one who started the login. If something feels suspicious, trust your gut and don’t approve it.

If you think your Sound account has been targeted, chat with us right away or stop by your closest branch. We’ll help secure your account and stop the fraud before it can cause damage.

Share

You may also like…

A father teaches his son about financial budgeting using cash.

What Are the Best Tools for Teaching Kids About Money?

Financial literacy is a lifelong journey and the best time to begin is now. Teaching your kids the benefits of understanding money and investing early will set them up for a brighter future.

two people planning at table with papers in hand and laptop

Saving for Major Life Expenses

Whether you’re saving for a wedding, buying a home, or bracing for both in the same 12-month stretch, the key to staying financially grounded is knowing what you need when, and building a plan that keeps you in control.

what is a certificate of deposit

What Is a Certificate of Deposit? Understanding the Basics and Benefits

Learn what a certificate of deposit is, its benefits, and how to maximize your earnings with Sound Credit Union.