Table of Contents

πŸ” Duo Fraudulent Authentication Requests (Push Fatigue Protection)

Purpose: To explain what a fraudulent Duo authentication request is, how push fatigue attacks work, and the correct best-practice user behaviour when using Duo MFA.

πŸ“Œ Platform

🚨 What Is a Fraudulent Duo Request?

A fraudulent authentication request occurs when a user receives a Duo push notification without actively attempting to log in.

This usually means:

This method is commonly known as:

Push Fatigue Attack Attackers repeatedly send push notifications hoping the user will press *Approve* out of confusion, habit, or frustration.

πŸ›‘οΈ Best Practice – Correct User Behaviour

βœ… 1. Open Duo BEFORE Logging In

Users should:

  1. Open the Duo Mobile app on their device.
  2. Then initiate the system login.
  3. Immediately approve the push while actively viewing the request.

Opening the Duo app before logging in ensures:

  • The push is expected.
  • The approval is intentional.
  • No delayed or mistaken approvals occur.

βœ… 2. Only Approve When Actively Logging In

If you are not logging into a system:

DO NOT APPROVE THE REQUEST

Unexpected push notification = 🚩 Security incident.

❌ 3. Never β€œWait for the Prompt”

Do NOT:

Multiple pushes in a short time = high likelihood of attack.

πŸš‘ If a Fraudulent Request Is Received

Users must:

  1. Press Deny
  2. Immediately report to IT
  3. Change password if instructed

Treat every unexpected Duo push as a potential account compromise.

πŸ”Ž Why This Is Critical

MFA only protects the organisation if:

One accidental approval can result in full account compromise.

πŸ“’ End-User Awareness Message (Short Version)

If you are not logging in and receive a Duo push:

  • Press Deny
  • Report it immediately
  • Do NOT approve it

Always open the Duo app before logging in.

πŸ“Š Risk Level

Threat Type Impact Likelihood Risk Level
Push Fatigue / MFA Bypass High Increasing Globally πŸ”΄ High

πŸ“… Review Cycle

Author: Mike Last Updated: DATE