How to protect yourself from MFA Fatigue Attack on Indian Accounts?

Do not click any links or share personal information Block and report the sender immediately Report at cybercrime.gov.in or call 1930 Inform your bank if financial details were shared

MFA Fatigue Attack on Indian Accounts

Verdict: Suspicious | Risk Score: 7/10 | Severity: high

Category: UPI, Phishing, OTP

How MFA Fatigue Attack on Indian Accounts Works

Overview: Multi-Factor Authentication (MFA) fatigue attacks exploit the growing use of two-factor verification among Indian bank customers. Scammers bombard users with repeated authentication/push requests, tricking them into approving a fraudulent login or transaction out of confusion or frustration. This scam endangers even those who use strong passwords, as attackers bypass security by preying on human behavior. How It Works: If a scammer obtains your account details (possibly from prior data breaches or phishing), they attempt to log in repeatedly, triggering continuous OTP, SMS, email, or app push notifications. The user, annoyed by repeated pop-ups, might eventually approve one, thinking it is a regular login request. That single approval gives the attacker immediate account access, allowing them to transfer funds, approve new beneficiaries, or lock you out. India Angle: MFA fatigue attacks are rising in India as UPI, net banking, and Aadhaar-based authentication become mandatory for many online services. Demographics targeted include busy professionals, frequent online shoppers, and anyone using push notification-based authentication (for example, via SBI YONO, ICICI iMobile, or Digilocker). Real Examples: - You receive ten successive OTP or push notifications late at night and approve one to stop the noise. - "Sir, if you keep getting approval requests, please confirm one for your safety," a scammer texts anonymously. Red Flags: - Multiple OTP or approval requests when you are not actively logging in - Feeling pressured into approving login or authentication prompts - Occurs after recent data breach or suspicious login attempts - Approval requests from devices or locations you do not recognize Protective Measures: Reject all unexpected OTP or push authentication requests. Do not approve any notification unless you personally initiated it. Change your password if you notice a surge in authentication prompts, and notify your bank immediately. If Victimised: Deny all future requests and reset your online banking credentials. Report the fraudulent access to your bank and cybercrime.gov.in. Monitor all linked accounts for unauthorized activity. Related Scams: - Credential stuffing using leaked login/passwords - SIM swap attacks where fraudsters try to intercept OTPs.

Visual Intelligence:

BharatSecure's AI has identified this as a used in scams targeting Indian users.

Who Does MFA Fatigue Attack on Indian Accounts Target?

General public across India

Red Flags — How to Identify MFA Fatigue Attack on Indian Accounts

Multiple OTP or push approval requests in succession
Authentication prompts when you’re not logging in
Device/location in approval message looks unfamiliar
Pressure (internal or external) to approve notification

What To Do If You Encounter MFA Fatigue Attack on Indian Accounts

Do not click any links or share personal information
Block and report the sender immediately
Report at cybercrime.gov.in or call 1930
Inform your bank if financial details were shared

How to Report MFA Fatigue Attack on Indian Accounts in India

Call 1930 — National Cyber Crime Helpline (24x7)
File a complaint at cybercrime.gov.in
Contact your bank immediately if money was lost
Call RBI helpline: 14440 for banking fraud

Frequently Asked Questions

What is MFA Fatigue Attack on Indian Accounts?: Overview: Multi-Factor Authentication (MFA) fatigue attacks exploit the growing use of two-factor verification among Indian bank customers. Scammers bombard users with repeated authentication/push requests, tricking them into approving a fraudulent login or transaction out of confusion or frustration. This scam endangers even those who use strong passwords, as attackers bypass security by preying on human behavior. How It Works: If a scammer obtains your account details (possibly from prior dat
How does MFA Fatigue Attack on Indian Accounts work?: Overview: Multi-Factor Authentication (MFA) fatigue attacks exploit the growing use of two-factor verification among Indian bank customers. Scammers bombard users with repeated authentication/push requests, tricking them into approving a fraudulent login or transaction out of confusion or frustration. This scam endangers even those who use strong passwords, as attackers bypass security by preying
How to protect yourself from MFA Fatigue Attack on Indian Accounts?: Do not click any links or share personal information Block and report the sender immediately Report at cybercrime.gov.in or call 1930 Inform your bank if financial details were shared
How to report MFA Fatigue Attack on Indian Accounts in India?: Report to cybercrime.gov.in or call 1930 (National Cyber Crime Helpline). You can also contact your local police station's cyber cell.

Verify Any Suspicious Message

Check any suspicious message, link, or call for free at bharatsecure.app. BharatSecure uses AI to detect scams in real-time and protect Indian users.