AI & Modern ThreatsFoundationalRising threat
MFA Fatigue and Push-Bombing
Security Awareness Essentials 2026About 4 minutesIncludes video
01Why this matters now
The attacker already has your password
Push-bombing only works because the attacker got past the first factor. They spam approval prompts, betting that annoyance or confusion makes you tap yes. One tap is all it takes.
Reviewed and signed off by
SKVerified
Sanne Kuijpers
Lead Red Team Operator, HackersHub
Sources
- ENISA Threat Landscape 2025, AI-enabled fraud
- Reported deepfake CFO fraud case, 2024