Table of Contents
π Duo Fraudulent Authentication Requests (Push Fatigue Protection)
Purpose: To explain what a fraudulent Duo authentication request is, how push fatigue attacks work, and the correct best-practice user behaviour when using Duo MFA.
π Platform
- MFA Provider: Duo Security
- Authentication Method: Push Notification (Duo Mobile App)
π¨ What Is a Fraudulent Duo Request?
A fraudulent authentication request occurs when a user receives a Duo push notification without actively attempting to log in.
This usually means:
- The attacker already has the user's username and password.
- They are attempting to bypass MFA.
- They are hoping the user will approve the push notification.
This method is commonly known as:
Push Fatigue Attack Attackers repeatedly send push notifications hoping the user will press *Approve* out of confusion, habit, or frustration.
π‘οΈ Best Practice β Correct User Behaviour
β 1. Open Duo BEFORE Logging In
Users should:
- Open the Duo Mobile app on their device.
- Then initiate the system login.
- Immediately approve the push while actively viewing the request.
Opening the Duo app before logging in ensures:
- The push is expected.
- The approval is intentional.
- No delayed or mistaken approvals occur.
β 2. Only Approve When Actively Logging In
If you are not logging into a system:
DO NOT APPROVE THE REQUEST
Unexpected push notification = π© Security incident.
β 3. Never βWait for the Promptβ
Do NOT:
- Click login and wait passively.
- Approve a push that appears unexpectedly.
- Approve repeated push notifications.
- Assume βitβs probably fine.β
Multiple pushes in a short time = high likelihood of attack.
π If a Fraudulent Request Is Received
Users must:
- Press Deny
- Immediately report to IT
- Change password if instructed
Treat every unexpected Duo push as a potential account compromise.
π Why This Is Critical
MFA only protects the organisation if:
- Approvals are intentional.
- Users remain alert.
- Push notifications are treated as security events.
One accidental approval can result in full account compromise.
π’ End-User Awareness Message (Short Version)
If you are not logging in and receive a Duo push:
- Press Deny
- Report it immediately
- Do NOT approve it
Always open the Duo app before logging in.
π Risk Level
| Threat Type | Impact | Likelihood | Risk Level |
|---|---|---|---|
| Push Fatigue / MFA Bypass | High | Increasing Globally | π΄ High |
π Review Cycle
- Review annually
- Review after any reported MFA incident
Quick Links
- Support Email: [email protected]
- Self-Serve Tickets: help.mmc24.com
Author: Mike Last Updated: DATE