Another scam - this one bank related

Sometimes I feel like Little Red Riding Hood, walking through the forest, with a wolf behind every tree.

Sound Credit Union just sent out a warning about a "MFA Bombing Scam"

Multi-Factor Authentication (MFA) is one of the best ways to protect your accounts. It adds an extra step, like entering a code sent to your phone after your password, to make sure it’s really you logging in. 

But fraudsters are always looking for ways to get around security and scammers have found a way to turn this safety feature against you. 

One tactic on the rise is MFA Bombing (also known as MFA Fatigue or MFA Spamming) and here’s how it works:

• A scammer gets your login info—maybe from a phishing email, malware, or on the dark web.
• They try to log in.
• You get a flood of MFA requests via phone call or text.
• They hope you’ll eventually respond to make the notifications stop.

And if you do, they’re in.

Another tactic scammers use is sending fake MFA requests that trick you into clicking a link and logging in to a fraudulent website, where they can steal your username and password.

What to do? How to protect yourself?

1. Only approve MFA requests you have initiated. 
2. If you aren't logging in, deny or delete the request. 
3. Change your password right away if you get multiple requests you didn’t trigger.
4. Let your bank know.