MFA Fatigue

MFA fatigue is a tactic where attackers send repeated login approval requests to overwhelm or frustrate a user into approving one. If approved, the attacker can bypass multi-factor authentication and take over the account, even though MFA is enabled.

What is MFA Fatigue?

MFA fatigue is a scam and account-takeover tactic where attackers repeatedly send multi-factor authentication (MFA) prompts to a person, hoping they will eventually approve one by mistake. Once a single prompt is approved, the attacker may gain access to the account.

This tactic targets the human side of account security.

Multi-factor authentication (MFA) is designed to stop unauthorized logins by requiring a second approval, such as a push notification, text code, or app prompt. MFA fatigue attacks exploit this system by flooding a person with repeated requests, often at inconvenient times, until one is approved.

The approval doesn’t mean the login is legitimate; it just means the attacker succeeded in getting consent.

How MFA Fatigue Looks in Real Life

Figure: Example of multiple push notifications, a sign of an MFA fatigue attack.

MFA fatigue usually begins after a scammer already has your password, often obtained through phishing or a data breach.

You might experience:

  • Repeated push notifications asking you to approve a sign-in you didn’t request
  • Login alerts arriving late at night or early in the morning
  • MFA prompts appearing again and again within minutes
  • A follow-up message or call claiming to be “IT support” or “security” asking you to approve the request to stop the alerts

Over time, it can feel easier to tap “Approve” just to make the notifications stop. That moment of frustration or distraction is what the attacker is waiting for.

Common MFA Fatigue Scenarios

MFA fatigue attacks are most often seen with accounts that use push-based authentication, including:

  • Work or school email accounts (commonly reported with Microsoft or Google services)
  • Cloud and productivity tools
  • Financial or payment-related accounts
  • Social media or messaging platforms

In some cases, MFA fatigue is combined with impersonation, where the attacker contacts the victim and claims the repeated prompts are part of a “security check.”

Why MFA Fatigue Is Dangerous

MFA fatigue is risky because it turns a security feature (MFA) into an access point.

If a single unexpected MFA request is approved:

  • The attacker may gain full access to the account
  • Passwords, messages, or files can be stolen
  • Financial accounts may be accessed or linked
  • The compromised account may be used to target others with scams

This is why security providers warn users that approving one incorrect MFA prompt can undo the protection MFA is meant to provide.

Signs You May Be Experiencing MFA Fatigue

You may be facing an MFA fatigue attempt if:

  • You receive MFA prompts you did not initiate
  • Requests arrive repeatedly or in rapid succession
  • Prompts continue even after you ignore them
  • Someone contacts you asking you to approve a login “to fix an issue”

Legitimate services and companies do not repeatedly prompt you unless you are actively trying to sign in.
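
The same signs can be checked from the service side. The following is an added example, not part of the original page or any provider's code: a sliding-window check over MFA push events that flags bursts of ignored or denied prompts and escalates when an approval follows a burst. The event format, result names, window and threshold are assumptions, and the sample events are constructed.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample events (hypothetical format): ISO time, user, result.
# result is "denied", "timeout" (prompt ignored) or "approved".
SAMPLE_EVENTS = [
    ("2024-05-01T02:10:00", "alice", "timeout"),
    ("2024-05-01T02:11:10", "alice", "denied"),
    ("2024-05-01T02:12:05", "alice", "timeout"),
    ("2024-05-01T02:13:30", "alice", "timeout"),
    ("2024-05-01T02:14:20", "alice", "approved"),   # approval right after a burst
    ("2024-05-01T09:00:00", "bob", "approved"),     # ordinary sign-in
    ("2024-05-01T09:30:00", "carol", "denied"),     # single stray prompt
    ("2024-05-01T13:30:00", "carol", "approved"),   # hours later, unrelated
]


def detect_mfa_fatigue(events, window=timedelta(minutes=10), threshold=3):
    """Return (user, time, kind, count) alerts for bursts of unapproved prompts.

    "prompt_burst" fires once when `threshold` denied/ignored prompts fall
    inside `window`. "approved_after_burst" fires when an approval arrives
    while such a burst is still inside the window, which is the case that
    needs immediate session review.
    """
    recent = defaultdict(deque)  # user -> timestamps of unapproved prompts
    alerts = []
    for ts, user, result in sorted(events):  # ISO timestamps sort by time
        now = datetime.fromisoformat(ts)
        prompts = recent[user]
        while prompts and now - prompts[0] > window:
            prompts.popleft()  # drop prompts older than the window
        if result == "approved":
            if len(prompts) >= threshold:
                alerts.append((user, ts, "approved_after_burst", len(prompts)))
            prompts.clear()
        else:
            prompts.append(now)
            if len(prompts) == threshold:
                alerts.append((user, ts, "prompt_burst", len(prompts)))
    return alerts


if __name__ == "__main__":
    for alert in detect_mfa_fatigue(SAMPLE_EVENTS):
        print(alert)
```

A "prompt_burst" alert is a cue to warn the user and reset the password; an "approved_after_burst" alert is a cue to revoke the session and review recent account activity.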

How to Protect Yourself from MFA Fatigue

  • Never approve MFA requests you didn’t initiate
  • Change your password immediately if you receive repeated, unexpected prompts
  • Check recent login activity in your account security settings
  • Do not respond to follow-up calls or messages asking you to approve a request
  • Contact the service provider using official support channels that you look up yourself
  • Use a trusted free scam checker like Scamwise to review suspicious messages, calls, or emails before taking action

If MFA prompts continue after changing your password, your account may still be under attack and should be reviewed by the provider.

FAQs

What is MFA fatigue?
MFA fatigue is a tactic where attackers send repeated authentication prompts hoping a user will approve one by mistake.

Why do scammers use MFA fatigue attacks?
Because if they already have your password, a single approved prompt can give them access without needing to “hack” the account.

What should I do if I keep getting MFA prompts?
Do not approve them. Log in directly through the official app or website, change your password, review login activity, and contact the provider if the prompts continue.

Does MFA fatigue mean MFA is unsafe?
No. MFA is still one of the strongest protections available, but it only works if unexpected requests are denied.