Skip to content
AI & Modern ThreatsFoundationalRising threat

MFA Fatigue and Push-Bombing

Security Awareness Essentials 2026About 4 minutesIncludes video
01Why this matters now

The attacker already has your password

Push-bombing only works because the attacker got past the first factor. They spam approval prompts, betting that annoyance or confusion makes you tap yes. One tap is all it takes.

Reviewed and signed off by
SK
Sanne Kuijpers
Lead Red Team Operator, HackersHub
Verified
Sources
  • ENISA Threat Landscape 2025, AI-enabled fraud
  • Reported deepfake CFO fraud case, 2024