AuthPoint Push Phishing Toggle
Phishing is a very well-known technique of social engineer attack used by hackers to access user’s and companies´ sensitive information. Phishing is usually applicable for password compromise and malware, but an emerging threat is a technique called MFA fatigue or MFA push spam. The technique consists of an attacker, that has the credential information of a user (username and password), to send a consecutive, stream of push notifications to the user’s phone, until he approves one of them.
To mitigate this kind of attack, we have added a push phishing toggle feature on the AuthPoint mobile app. After a push notification is received on the app, recognized as a non-legit request by the user and denied, he can choose to disable the reception of new push notifications on his mobile to avoid the push fatigue and minimizing the chance to approve incorrectly an authentication request. At any time, the user can enable again the receiving of new push notifications.
Combine with authentication policies for better protection!
The push phishing or push fatigue can be a relatively easy way for attackers to get access to companies’ assets. Allow a user to disable push notifications is one more tool to help companies to prevent unauthorized access. Combined with other features, like policy restriction (for example, time policy to not allow user access after working hours or during weekends and geo kinetics, to automatically deny authentications done from different locations/small time interval), AuthPoint provides options to minimize the occurrence of this kind of attack.
Check if your mobile app has been updated to version 2.1.0 (Android or iOS) to take advantage of this new feature and learn more about AuthPoint: