“MFA fatigue attack” occurs when an attacker takes advantage of this frustration and uses social engineering tactics to convince a user to bypass or disable MFA.
For example, an attacker might send a phishing email or text message that claims there is a problem with the user’s MFA and asks them to log in without using the extra security measure. If the user falls for this tactic, they may unwittingly give the attacker access to their account without realizing it.
