This article is part of my Cybersecurity Hygiene Series - I recommend reading the background information about the series first to understand how these tips are structured. See this post: Cyber Security Hygiene.
MFA Fatigue
Imagine this situation: you're in the middle of something important, perhaps a meeting or a lunch out, and your phone just keeps constantly sending you "push" notifications asking you to approve a login. (Push notifications typically come from some sort of app on your phone, like Duo or your banking app.) It's becoming really annoying because they just won't stop! The only problem is, you're not trying to log in to anything right now.
Sometimes people get so frustrated with this sort of thing that they just click "OK" in the hope of making it stop - which is exactly why criminals use this tactic!
What To Do:
The most important thing is not to accept the push. This situation is a strong indication that a criminal already has your username and password and is trying to get you so frustrated that you will just accept the MFA push: the final thing they need in order to access your account!
Remember to SAPP! If you're too busy to deal with this right now for whatever reason, you have time to finish what you are doing (don't wait an hour, but 5-15 minutes isn't the end of the world). As soon as you can, though, manually navigate to whatever system the notifications are about. Don't click a link; instead, go to the site using a bookmark if possible or type in the address yourself. Try to log in using a different method than the one the criminal is triggering (otherwise you won't know whether the resulting MFA prompt is coming from the criminal still trying or from your own legitimate attempt). So, for example, if you are receiving lots of SMS messages on your phone, log in using an authentication app or email verification instead. As soon as you have access to the account, change the password. If you used the same password anywhere else (you should never do this!) - change it there as well!
If you have any doubts or concerns about your account, contact the support/security department for this service and notify them about what happened. If this is one of your work accounts, you should always contact the security department and follow any applicable procedures to report a security incident.
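On the defender side, the same pattern is visible in MFA push logs. The following is an added example (not part of the original post) of detection logic an identity or security team might run over such logs: it flags a user who receives a burst of denied or unanswered pushes in a short window, and separately flags the case where an approval arrives right after the burst, which is the sign that fatigue may have worked and the account needs review. The log format, field names and sample lines are constructed for this example.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log in a hypothetical "timestamp user result" format
# (not from any real MFA product). "result" is the outcome of each push.
SAMPLE_LOG = """\
2024-03-01T12:00:05Z alice timeout
2024-03-01T12:00:40Z alice denied
2024-03-01T12:01:10Z alice timeout
2024-03-01T12:01:45Z alice denied
2024-03-01T12:02:20Z alice timeout
2024-03-01T12:03:00Z alice approved
2024-03-01T12:00:30Z bob approved
2024-03-01T13:30:00Z carol denied
2024-03-01T14:45:00Z carol denied
"""

def parse(log_text):
    """Parse log lines into (timestamp, user, result) tuples sorted by time."""
    events = []
    for line in log_text.splitlines():
        ts, user, result = line.split()
        events.append((datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"), user, result))
    return sorted(events)

def detect_push_floods(events, threshold=4, window=timedelta(minutes=10)):
    """Return {user: "flood" | "flood-then-approved"} for every user who has at
    least `threshold` unapproved pushes inside any `window`. If an approval
    follows that burst within the same window, report it as the higher-risk
    "flood-then-approved" case (the attacker may now be logged in)."""
    per_user = defaultdict(list)
    for ts, user, result in events:
        per_user[user].append((ts, result))
    findings = {}
    for user, items in per_user.items():
        unapproved = [ts for ts, r in items if r != "approved"]
        for start in unapproved:
            end = start + window
            burst = [t for t in unapproved if start <= t < end]
            if len(burst) >= threshold:
                approved_after = any(r == "approved" and burst[-1] < ts <= end
                                     for ts, r in items)
                findings[user] = "flood-then-approved" if approved_after else "flood"
                break  # one finding per user is enough to trigger review
    return findings

if __name__ == "__main__":
    print(detect_push_floods(parse(SAMPLE_LOG)))
```

Two denied pushes hours apart (carol) are normal user behaviour and stay below the threshold; a single approval with no preceding burst (bob) is ignored entirely.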