MFA bombing

(also multi-factor authentication bombing)

MFA bombing definition

MFA bombing, also known as multi-factor authentication bombing, is a cyberattack method in which malicious actors flood a user with multi-factor authentication (MFA) requests. The barrage can confuse the user and disrupt their authentication routine, and in some instances could give hackers a way around security safeguards.

See also: man-in-the-middle attack, brute-force attack, firewall, data integrity

MFA bombing examples

  • Email flood: An attacker sends countless MFA emails, hoping the user will accidentally approve a fraudulent request amid the chaos.
  • Text message overload: The attacker sends excessive MFA SMS messages, aiming to confuse the user or hide a malicious authentication attempt.

Advantages and disadvantages of MFA bombing (from the attacker's perspective)


Pros:

  • Effective disruption: For the attacker, MFA bombing can create confusion, disrupting the user's typical MFA process and potentially leading to successful account compromise.

Cons:

  • Noticeability: Due to the barrage of requests, users may quickly become aware of suspicious activity.
  • Detection: Modern security systems can detect abnormal MFA request behavior and take action to protect user accounts.
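
The detection point above, sketched as an added example (not part of the original page or any vendor's product): a sliding-window count of MFA challenges per user that also flags an approval arriving during a burst. The log format, event names, 10-minute window and threshold of 5 are assumptions.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

WINDOW = timedelta(minutes=10)  # assumed look-back window
THRESHOLD = 5                   # assumed max MFA challenges per user per window

# Constructed sample events, one per line: "<timestamp> <user> <event>"
SAMPLE_LOG = """\
2024-05-01T09:00:00 alice challenge_sent
2024-05-01T09:00:20 alice approved
2024-05-01T08:00:00 carol challenge_sent
2024-05-01T12:00:00 carol challenge_sent
2024-05-01T13:00:00 bob challenge_sent
2024-05-01T13:00:30 bob challenge_sent
2024-05-01T13:00:40 bob denied
2024-05-01T13:01:00 bob challenge_sent
2024-05-01T13:01:30 bob challenge_sent
2024-05-01T13:02:00 bob challenge_sent
2024-05-01T13:02:30 bob challenge_sent
2024-05-01T13:02:45 bob approved
"""

def parse(log):
    """Yield (timestamp, user, event) from the constructed log format."""
    for line in log.splitlines():
        if line.strip():
            ts, user, event = line.split()
            yield datetime.fromisoformat(ts), user, event

def detect(log, window=WINDOW, threshold=THRESHOLD):
    """Return (user, alert_kind, timestamp) tuples for abnormal MFA request behavior."""
    recent = defaultdict(deque)  # user -> challenge timestamps inside the window
    flagged = set()              # users currently in a burst (one alert per burst)
    alerts = []
    for ts, user, event in sorted(parse(log)):
        q = recent[user]
        while q and ts - q[0] > window:
            q.popleft()          # drop challenges older than the window
        if event == "challenge_sent":
            q.append(ts)
        if len(q) < threshold:
            flagged.discard(user)
            continue
        if user not in flagged:
            flagged.add(user)
            alerts.append((user, "mfa_request_burst", ts))
        if event == "approved":  # approval amid the flood: treat as highest severity
            alerts.append((user, "approval_during_burst", ts))
    return alerts
```

On the constructed log, only bob is flagged: once when the fifth challenge lands inside the window, and again when an approval follows during the burst.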

Avoiding MFA bombing

  • Stay alert: Pay close attention to all MFA requests and only approve requests you initiated.
  • Use an app: Using an MFA app instead of email or SMS can provide additional security measures and notifications.
  • Report suspicious activity: If you notice excessive MFA requests, contact your service provider immediately.