Approve sign-in request
47
Enter the number shown on your other device to sign in.
Gotcha! This is MFA fatigue / push bombing.
This was a demo. No real push was sent.
What just happened?
MFA fatigue attacks happen after an attacker already has your password (leaked or phished). They try to log in over and over, firing dozens or hundreds of push notifications at your phone. The hope: you're sleepy, distracted, or just want the notifications to stop, so you tap Approve. That one tap gives them full access. Uber, Cisco, and many others have been breached exactly this way.
Red flags:
- Push notifications you didn't initiate. If you're not actively logging in, never approve.
- A flood of pushes. Multiple in quick succession = attack in progress.
- Pushes at odd hours. 3am, during holidays, etc.
- "Help desk" calls right after the pushes, asking you to approve "to fix the issue" — a voice-phishing escalation.
What to do:
- Tap Deny / Report — never approve pushes you didn't initiate.
- Change your password immediately. The attacker already has the old one.
- Switch to number-matching MFA (Microsoft) or a hardware key (FIDO2/YubiKey) — these are phish-resistant.
- Notify IT/security. They can block the attacker session and check for other compromise.
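
How IT/security might check push logs for the "flood of pushes" and "odd hours" red flags above. This is an added example, not part of the original page; the log format, field names, thresholds and off-hours range are assumptions, and the sample log is constructed.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample MFA push log (format and field names are assumptions).
SAMPLE_LOG = """\
2024-05-01T03:02:10 user=alice result=denied
2024-05-01T03:02:25 user=alice result=timeout
2024-05-01T03:02:41 user=alice result=denied
2024-05-01T03:03:02 user=alice result=timeout
2024-05-01T03:03:30 user=alice result=approved
2024-05-01T09:15:00 user=bob result=approved
2024-05-01T13:40:00 user=bob result=approved
2024-05-01T14:00:05 user=carol result=denied
2024-05-01T14:00:40 user=carol result=denied
2024-05-01T14:01:10 user=carol result=denied
"""

def parse(line):
    ts, user, result = line.split()
    return datetime.fromisoformat(ts), user.split("=", 1)[1], result.split("=", 1)[1]

def detect_push_bombing(log, window=timedelta(minutes=5), threshold=3,
                        off_hours=range(0, 6)):
    """Return {user: finding} for users with >= threshold pushes inside window."""
    recent = defaultdict(deque)   # user -> timestamps of pushes still in window
    findings = {}
    for ts, user, result in sorted(parse(l) for l in log.splitlines() if l.strip()):
        q = recent[user]
        q.append(ts)
        while ts - q[0] > window:          # drop pushes older than the window
            q.popleft()
        if len(q) < threshold:
            continue
        f = findings.setdefault(user, {"max_burst": 0, "approved_in_burst": False,
                                       "off_hours": False})
        f["max_burst"] = max(f["max_burst"], len(q))
        f["off_hours"] |= ts.hour in off_hours
        # An approval that lands inside a burst means the account should be
        # treated as compromised, not merely targeted.
        f["approved_in_burst"] |= result == "approved"
    return findings

if __name__ == "__main__":
    for user, f in detect_push_bombing(SAMPLE_LOG).items():
        action = "revoke sessions, reset password" if f["approved_in_burst"] else "alert user, watch"
        print(user, f, "->", action)
```

Two approvals hours apart (bob) stay below the threshold, while a burst that ends in an approval (alice) is separated from a burst the user kept denying (carol).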