MFA Prompt Bombing Attacks: How Scattered Spider Does It and How to Stop It

Retool's new app builder is where AI-generated code ships safely
Building apps with AI is easy. Getting them to production safely is another story.
Push-based MFA was a meaningful security upgrade over password-only authentication. It is no longer sufficient against targeted attackers. The Scattered Spider group — responsible for breaches at Uber, MGM Resorts, Caesars Entertainment, and the 2026 UK retail attacks against Marks & Spencer, Co-op, and Harrods — documented MFA push bombing as a core technique: flood the victim's phone with authentication requests, call them pretending to be IT support, tell them to approve the notification to stop the alerts.
The vulnerability is architectural. Push notifications without number matching give users no information about the login attempt they are approving. Approving the push is binary — the user has no way to distinguish a legitimate login from an attacker's login. This guide covers the specific configuration changes that close the fatigue attack vector and the migration path to phishing-resistant MFA for organizations that need to go further.
How the attack works
Understanding the attack sequence helps prioritize which controls to deploy first.
Subscribe to unlock Remediation & Mitigation steps
Free subscribers unlock full IOC lists, Sigma detection rules, remediation steps, and every daily briefing.
Fix 1: Enable number matching (highest-impact, lowest-effort change)
Number matching is the single configuration change that has the highest impact on MFA fatigue attacks. It is available in all major MFA platforms and requires no additional licensing.
With number matching enabled, when an authentication request is submitted, the MFA application displays a 2-digit number to the requester (on the login screen). The push notification received on the victim's device requires them to enter that specific number — not just tap approve. An attacker conducting a push flood cannot provide the correct number because they cannot see what is displayed on the victim's login screen. The attack fails regardless of how many push requests are sent.
Subscribe to unlock Remediation & Mitigation steps
Free subscribers unlock full IOC lists, Sigma detection rules, remediation steps, and every daily briefing.
Briefings like this, every morning before 9am.
Threat intel, active CVEs, and campaign alerts, distilled for practitioners. 50,000+ subscribers. No noise.
Fix 2: Add rate limiting and anomaly detection for MFA requests
Number matching stops fatigue attacks where the user is the weak link. Rate limiting stops the flood itself from being a viable attack mechanism.
Subscribe to unlock Remediation & Mitigation steps
Free subscribers unlock full IOC lists, Sigma detection rules, remediation steps, and every daily briefing.
Fix 3: Migration path to phishing-resistant MFA
Number matching significantly hardens push-based MFA against fatigue attacks. It does not protect against adversary-in-the-middle (AiTM) phishing attacks that capture both credentials and MFA session tokens in real time. The complete solution for the highest-risk accounts is phishing-resistant MFA: FIDO2 hardware keys or passkeys.
Phishing-resistant MFA is not susceptible to fatigue attacks, AiTM attacks, or social engineering because authentication is cryptographically bound to the specific origin domain — a credential issued for your-company.com cannot authenticate against an attacker's fake-your-company.com, regardless of how convincing the phishing page is.
Subscribe to unlock Remediation & Mitigation steps
Free subscribers unlock full IOC lists, Sigma detection rules, remediation steps, and every daily briefing.
The bottom line
The configuration path that stops MFA fatigue attacks is clearly defined: enable number matching in your MFA platform immediately (this stops the specific push flood technique), configure rate limiting on authentication attempts, and build a detection rule for push flood patterns. For privileged accounts, deploy FIDO2 hardware keys as the complete solution. These changes require no new tooling purchase and no extended project timeline — number matching is a configuration toggle that can be enabled today.
Frequently asked questions
Does number matching stop all MFA bypass attacks?
Number matching stops MFA fatigue/prompt bombing attacks specifically. It does not stop adversary-in-the-middle (AiTM) attacks that use real-time phishing proxies to capture both credentials and session cookies. For complete MFA protection against AiTM attacks, deploy FIDO2/passkeys which are origin-bound and cannot be proxied.
What is the difference between MFA fatigue and SIM swapping?
MFA fatigue exploits push-based MFA by flooding the user with approval requests. SIM swapping attacks the SMS MFA channel by porting the victim's phone number to an attacker-controlled SIM, allowing them to receive SMS codes. Both are MFA bypass techniques. SMS-based MFA is vulnerable to SIM swapping; push-based MFA without number matching is vulnerable to fatigue attacks. FIDO2 hardware keys are resistant to both.
How did Scattered Spider bypass MFA at Caesars and MGM?
Public incident reporting indicates Scattered Spider combined credential theft (via phishing or social engineering of employees) with MFA fatigue attacks (push flooding) reinforced by helpdesk social engineering. At MGM, the group reportedly called the IT help desk impersonating an employee and convinced the agent to reset MFA, gaining initial access without needing to bypass MFA at all. Both vectors — MFA fatigue and helpdesk social engineering — require separate controls.
Sources & references
Free resources
Critical CVE Reference Card 2025–2026
25 actively exploited vulnerabilities with CVSS scores, exploit status, and patch availability. Print it, pin it, share it with your SOC team.
Ransomware Incident Response Playbook
Step-by-step 24-hour IR checklist covering detection, containment, eradication, and recovery. Built for SOC teams, IR leads, and CISOs.
Get threat intel before your inbox does.
50,000+ security professionals read Decryption Digest for early warnings on zero-days, ransomware, and nation-state campaigns. Free, daily, no spam.
Unsubscribe anytime. We never sell your data.

Founder & Cybersecurity Evangelist, Decryption Digest
Cybersecurity professional with expertise in threat intelligence, vulnerability research, and enterprise security. Covers zero-days, ransomware, and nation-state operations for 50,000+ security professionals every morning.
Win a $2,495 Black Hat pass.
Full-access to Black Hat USA 2026 in Las Vegas. Subscribe free to enter.
