How to protect yourself from MFA Fatigue Attack on Indian Bank Accounts?

Do not click any links or share personal information Block and report the sender immediately Report at cybercrime.gov.in or call 1930 Inform your bank if financial details were shared

MFA Fatigue Attack on Indian Bank Accounts

Verdict: Suspicious | Risk Score: 7/10 | Severity: high

Category: Phishing, OTP

How MFA Fatigue Attack on Indian Bank Accounts Works

Overview: Multi-factor authentication (MFA) fatigue scams exploit victims by bombarding them with repeated authentication/OTP requests via SMS, email, or app notifications. This relentless tactic pressures the user into approving a fraudulent login request, allowing scammers to access the victim's account and siphon money. As Indian banks roll out stronger MFA under RBI mandates, scammers have adapted with persistent attacks. How It Works: 1. Scammer repeatedly tries to log in to the victim's online bank account using known credentials (from leaks or phishing). 2. This triggers several MFA or OTP requests to the victim's phone/email/bank app. 3. Confused or annoyed, the victim may accidentally or intentionally approve the login. 4. Scammer immediately transfers money or resets other security settings. India Angle: These attacks are rising in India post-2026 RBI MFA mandate. Victims are concentrated in large cities and among digitally active populations—tech workers, students, and busy professionals. Attacks exploit lack of awareness about why multiple OTP requests should be treated with suspicion. Real Examples: - "I received 6 back-to-back OTPs from my bank without logging in myself. Then I got a call saying it's a system error and to just approve one." - "The app kept buzzing until I clicked approve—money was debited soon after." Red Flags: - Multiple unrequested OTPs or authentication prompts in short succession - Calls/messages blaming 'technical glitches' and prompting you to approve/enter a code - Unexpected login attempts from new locations/devices - Unusual emails asking to verify unexpected account activity Protective Measures: - Never approve authentication prompts you didn’t initiate - Contact your bank if you get repeated OTPs or login alerts - Change your password and enable app-based or biometric MFA if available - Log out and review login activity in your banking app If Victimised: - Contact your bank to freeze the account - File a complaint via 1930 and cybercrime.gov.in - Review and remove unauthorized devices from your account Related Scams: 1. SMS phishing combined with MFA requests 2. Social engineering calls requesting help with "fraud" using your codes 3. Fake remote support apps triggering multiple OTPs

Visual Intelligence:

BharatSecure's AI has identified this as a used in scams targeting Indian users.

Who Does MFA Fatigue Attack on Indian Bank Accounts Target?

General public across India

Red Flags — How to Identify MFA Fatigue Attack on Indian Bank Accounts

Numerous OTP/authentication prompts you didn’t request
Calls blaming tech issues and requesting approval
Login alerts from

What To Do If You Encounter MFA Fatigue Attack on Indian Bank Accounts

Do not click any links or share personal information
Block and report the sender immediately
Report at cybercrime.gov.in or call 1930
Inform your bank if financial details were shared

How to Report MFA Fatigue Attack on Indian Bank Accounts in India

Call 1930 — National Cyber Crime Helpline (24x7)
File a complaint at cybercrime.gov.in
Contact your bank immediately if money was lost
Call RBI helpline: 14440 for banking fraud

Frequently Asked Questions

What is MFA Fatigue Attack on Indian Bank Accounts?: Overview: Multi-factor authentication (MFA) fatigue scams exploit victims by bombarding them with repeated authentication/OTP requests via SMS, email, or app notifications. This relentless tactic pressures the user into approving a fraudulent login request, allowing scammers to access the victim's account and siphon money. As Indian banks roll out stronger MFA under RBI mandates, scammers have adapted with persistent attacks. How It Works: 1. Scammer repeatedly tries to log in to the victim's o
How does MFA Fatigue Attack on Indian Bank Accounts work?: Overview: Multi-factor authentication (MFA) fatigue scams exploit victims by bombarding them with repeated authentication/OTP requests via SMS, email, or app notifications. This relentless tactic pressures the user into approving a fraudulent login request, allowing scammers to access the victim's account and siphon money. As Indian banks roll out stronger MFA under RBI mandates, scammers have ada
How to protect yourself from MFA Fatigue Attack on Indian Bank Accounts?: Do not click any links or share personal information Block and report the sender immediately Report at cybercrime.gov.in or call 1930 Inform your bank if financial details were shared
How to report MFA Fatigue Attack on Indian Bank Accounts in India?: Report to cybercrime.gov.in or call 1930 (National Cyber Crime Helpline). You can also contact your local police station's cyber cell.

Verify Any Suspicious Message

Check any suspicious message, link, or call for free at bharatsecure.app. BharatSecure uses AI to detect scams in real-time and protect Indian users.