
Multi-factor authentication has become a security best practice that's now moving toward a requirement. Organizations across industries are implementing MFA, executives are being told to mandate it, and security frameworks increasingly list MFA implementation as a foundational control. The logic is straightforward: if an attacker compromises an employee's password, MFA provides a second factor of authentication—typically a code from an authenticator app, a text message, or a push notification to a registered device—that the attacker wouldn't have access to. This should make account compromise substantially more difficult.
In practice, MFA has been a significant improvement to security. Organizations that mandate MFA see dramatic reductions in account compromise incidents. However, the security landscape has evolved, and so have the techniques that attackers use to defeat MFA. What was once viewed as a near-complete solution to password-based attacks is increasingly understood as a critical control that, without training and behavioral change, provides only partial protection.
The gap between MFA implementation and MFA security is a training problem. An organization that deploys MFA without training employees on MFA-specific attacks creates a false sense of security and potentially makes employees more vulnerable by leading them to ignore warning signs that they should actually be suspicious of.
How Adversary-in-the-Middle Phishing Bypasses MFA
The most sophisticated and increasingly common technique for defeating MFA is known as adversary-in-the-middle (AiTM) phishing. This attack works by placing an attacker-controlled proxy between the user and the legitimate system they're trying to access.
Here's how it works: An employee receives a phishing email that appears to come from their organization's IT department or a trusted service provider. The email contains a link to what appears to be a legitimate login page. The employee clicks the link, is taken to a spoofed login page, and enters their username and password. But this login page is actually a proxy operated by the attacker. The proxy immediately forwards the credentials to the legitimate system. The legitimate system responds with an MFA challenge—perhaps a push notification to the employee's phone asking them to approve the login attempt.
Here's where the attack is elegant: The employee sees the MFA challenge on their phone and, assuming it's a legitimate attempt to access their account (which it is—from the attacker), they approve the challenge. They might think they're approving their own login attempt, not realizing they're actually approving an attacker's attempt. The proxy forwards the approved authentication to the legitimate system, which now recognizes the login as fully authenticated. The attacker has successfully obtained an active, authenticated session into the employee's account, despite the presence of MFA.
From the employee's perspective, they've successfully authenticated. They might see the spoofed portal's homepage, might check their email briefly before logging out, and might have no idea that an attacker now has an authenticated session into their account. Days or weeks later, the attacker uses that session to steal data, move laterally through the organization, or conduct fraud.
The brilliance of this attack is that it's not bypassing MFA at all—it's using the employee and the MFA system itself to defeat the protection. The attacker doesn't need to crack the MFA, intercept MFA codes, or overcome any technical security control. They just need the employee to approve an MFA challenge, which they do because they think they're authenticating themselves.
This type of attack is increasingly common. It's the mechanism behind many of the largest security breaches in recent years. Organizations that believed MFA would prevent account compromise found themselves compromised anyway, because MFA doesn't protect against an attacker who can trick an employee into approving a legitimate MFA challenge.
Real-Time Phishing Proxies and Their Implications
The AiTM attacks described above typically use what are called "real-time phishing proxies"—software tools that intercept authentication requests and responses in real time, forwarding them to legitimate systems while capturing the authentication tokens and session cookies that result.
These tools are increasingly available and increasingly sophisticated. Some are open-source and freely available to any attacker. Others are commercial tools sold on dark web marketplaces. The barrier to entry for conducting AiTM attacks is now low enough that this technique is no longer limited to advanced adversaries—it's becoming a standard part of the attacker toolkit.
These proxies don't just capture credentials; they can also capture and forward other sensitive information transmitted during authentication. Some can establish a persistent session that remains authenticated even after the employee logs out, allowing the attacker continued access to the account. The sophistication of available tools means that modern AiTM attacks are often more effective at maintaining persistent access than traditional credential compromise.
MFA Fatigue and Prompt Bombing Attacks
Another technique for defeating MFA is prompt bombing, also known as MFA fatigue. In this attack, an attacker who has compromised an employee's password (through phishing or credential reuse) repeatedly sends MFA challenges to the employee's phone—perhaps dozens or hundreds of push notifications in a short period.
The goal is to exhaust the employee's resistance to approving notifications. After receiving 50 push notifications in quick succession, the employee might approve one just to make the notifications stop. Or the employee might become so fatigued by the notifications that they approve one without fully processing what they're doing. The attacker needs only one successful approval to gain access.
This attack exploits a psychological vulnerability rather than a technical one. The MFA system is working correctly; the authentication is genuine. But the attacker has found a way to manipulate the employee into approving an authentication they shouldn't approve.
Organizations that have experienced prompt bombing attacks report that the technique is surprisingly effective. Employees who would never fall for a phishing email or a password reset request might approve an MFA notification if they're being flooded with notifications and just want them to stop.
Vishing for OTP Codes and Authentication Factors
A third technique for defeating MFA is vishing (voice phishing) to obtain the OTP (one-time password) or other authentication factors. An attacker calls an employee, claiming to be from IT, the employee's bank, or another trusted source, and claims that they need the employee to provide their MFA code to "verify the account" or "reset the account."
An employee who doesn't understand that legitimate IT departments never ask for MFA codes might provide the code. The attacker then uses the code to complete a login attempt that's happening simultaneously, either through the attacker's own login attempt or through a compromised system.
This attack is simple but effective, and it works because many employees don't understand the purpose of MFA codes. If an employee thinks the MFA code is just for verification (like a PIN), they might think it's appropriate to share it with someone claiming to be from IT. If the employee understands that the MFA code is a one-time authentication factor, they're more likely to refuse.
Why MFA Deployment Without Training Creates False Confidence
Here's the core problem: An organization that implements MFA but doesn't train employees about MFA-specific attacks creates a dangerous situation. The organization, the CISOs, and the security team feel confident that they've protected accounts with a strong control. Employees feel like they're secure because they have MFA enabled. But the organization is now vulnerable to attacks that specifically target MFA deployments.
An employee who falls for an AiTM phishing attack is more likely to approve the MFA challenge if they believe MFA makes them secure. They think, "Even if this is phishing, MFA will protect me." They approve the notification without hesitation. An employee who receives a call asking for their MFA code is more likely to provide it if they don't understand that real IT departments never ask for codes. An employee subjected to prompt bombing is more likely to approve a notification out of frustration if they're not aware that this is a known attack technique.
In each case, MFA deployment without training creates a false sense of security that actually makes the attack more effective.
What Employees Need to Know About MFA and Phishing
Effective training for MFA-specific attacks needs to focus on several key concepts.
First, employees need to understand that MFA codes and MFA challenges are authentication factors. They're not verification codes that you share with others. They're not codes that get reset or re-requested if you mess up. Once you approve an MFA challenge or provide a code, authentication is complete. Legitimate IT departments don't need to ask employees for MFA codes or ask them to approve MFA challenges—if IT needs to access an account, they do so with their own credentials, not by asking the employee to authenticate.
Second, employees need to understand that approving an MFA challenge means you're granting access to your account. If you see an MFA challenge that you don't remember initiating, you should not approve it. If you're being prompted repeatedly for MFA approvals, that's a sign of an attack (either prompt bombing or someone trying to access your account), and you should contact IT immediately rather than approving.
Third, employees need to understand that MFA challenges should only appear when you're trying to log in to something. If you're receiving MFA challenges when you're not currently trying to authenticate, that's a red flag. AiTM attacks are harder to spot by this rule alone: the challenge arrives while the employee is logging into the spoofed portal, so it looks expected, and the employee may not connect the challenge to the fact that the portal they entered their credentials into is not the real one.
Fourth, employees need to understand the types of attacks that defeat MFA. Knowing that AiTM phishing exists, that prompt bombing exists, and that vishing for OTP codes exists doesn't make these attacks impossible, but it makes employees more suspicious when they encounter warning signs. An employee who understands that attackers can spoof login portals is more cautious about entering credentials. An employee who understands that attackers sometimes flood MFA notifications is less likely to approve notifications just to stop them.
Training for MFA-Specific Attack Patterns
The most effective way to train employees about MFA-specific attacks is through simulation and scenario-based learning. Generic training that simply explains what AiTM phishing is, while helpful, won't create the kind of behavioral change needed.
Phishing simulations can now incorporate MFA-specific scenarios. A simulation can send an employee a phishing email with a link to a spoofed login portal, and when the employee enters credentials, the simulation can trigger an MFA challenge (either a push notification or an OTP code request) to test whether the employee will approve or provide the code. This realistic scenario teaches employees to be suspicious of authentication challenges that result from links in email.
Simulations can also test prompt bombing resistance by sending multiple authentication challenges in rapid succession and measuring whether the employee approves one out of fatigue. Organizations can then use this as a training moment to explain the attack and reinforce the importance of approving only MFA challenges that correspond to intentional login attempts.
Voice phishing simulations can test whether employees will provide MFA codes or challenge approvals to callers claiming to be from IT.
The Integrated Approach: Technical Controls and Training
It's important to note that training alone is not a complete defense against MFA bypass attacks. Technical controls also play a critical role. For example, organizations can configure MFA systems to show the employee which application or system a login attempt is for, so that if an employee sees an MFA challenge for a system they weren't trying to access, they immediately know something is wrong. Organizations can implement velocity checks that block multiple rapid MFA challenges, preventing prompt bombing attacks. Organizations can implement conditional access policies that require additional verification for logins from unusual locations or devices.
However, even with these technical controls in place, training remains critical. No technical control can completely prevent AiTM attacks if an employee is successfully tricked into entering credentials into a spoofed portal. No technical control can prevent vishing if an employee willingly provides MFA codes to a caller. For more on the broader strategy of human-centric defense, see our guide on social engineering.
High-Authority Reference
For technical specifications on implementing phishing-resistant authentication, refer to CISA's Fact Sheet on Implementing Phishing-Resistant MFA.
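The AiTM section above explains why relaying a push approval or OTP through a proxy works: neither factor is tied to the site the user is actually on. The reason the phishing-resistant MFA in the CISA fact sheet holds up is origin binding. The following is an added example, not code from the original post, from PhishSkill, or from the CISA fact sheet. It shows, in simplified stdlib Python, the two checks in a WebAuthn login that a proxy cannot satisfy: the browser refuses to use a credential whose RP ID does not match the domain it is on, and the relying party rejects an assertion whose clientDataJSON records a different origin than the one it serves. The origins, RP ID, and challenge values are constructed; signature verification over authenticatorData and the clientDataJSON hash is a separate step that is not shown.

```python
"""Why origin-bound (phishing-resistant) MFA defeats an AiTM proxy.

Added illustration; not the page's or any library's code. RP_ORIGIN, RP_ID
and the proxy origin below are constructed values.
"""
import base64
import json
import os

RP_ORIGIN = "https://login.example.com"   # the real portal (constructed)
RP_ID = "example.com"                     # relying party ID (constructed)


def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def issue_challenge() -> str:
    """Relying party issues a fresh random challenge per authentication attempt."""
    return b64url(os.urandom(32))


def rp_id_allowed(rp_id: str, effective_domain: str) -> bool:
    """Simplified version of the browser-side rule: the RP ID must equal the
    calling page's effective domain or be a parent domain of it. (Real browsers
    also consult the public suffix list; that refinement is omitted here.)"""
    return effective_domain == rp_id or effective_domain.endswith("." + rp_id)


def browser_client_data(challenge: str, page_origin: str) -> bytes:
    """What the browser places in clientDataJSON. The browser fills in the origin
    of the page that called navigator.credentials.get(); page script cannot
    override it, so a proxy page gets its own origin recorded, not the RP's."""
    return json.dumps(
        {"type": "webauthn.get", "challenge": challenge, "origin": page_origin}
    ).encode()


def verify_client_data(client_data_json: bytes, expected_challenge: str,
                       allowed_origins) -> tuple[bool, str]:
    """Relying-party checks that bind an assertion to one challenge and one origin."""
    try:
        data = json.loads(client_data_json)
    except ValueError:
        return False, "clientDataJSON is not valid JSON"
    if data.get("type") != "webauthn.get":
        return False, "wrong ceremony type"
    if data.get("challenge") != expected_challenge:
        return False, "challenge mismatch (replayed or forged)"
    if data.get("origin") not in allowed_origins:
        return False, f"origin {data.get('origin')!r} not allowed"
    return True, "ok"


def demo() -> tuple[bool, bool]:
    """Legitimate login passes; the same challenge relayed via a proxy fails."""
    challenge = issue_challenge()
    legit = browser_client_data(challenge, RP_ORIGIN)
    ok, _ = verify_client_data(legit, challenge, {RP_ORIGIN})

    # AiTM: the proxy relays the RP's challenge unchanged, but the victim's
    # browser is on the proxy's origin, and that is what gets recorded.
    proxy_origin = "https://login-example.com.evil.test"   # constructed
    proxied = browser_client_data(challenge, proxy_origin)
    relayed_ok, _ = verify_client_data(proxied, challenge, {RP_ORIGIN})
    return ok, relayed_ok


if __name__ == "__main__":
    print("browser allows RP ID on proxy domain:",
          rp_id_allowed(RP_ID, "login-example.com.evil.test"))
    print("legitimate login accepted, relayed login accepted:", demo())
```

Contrast this with a push notification or a six-digit OTP: nothing in those factors names the site the employee is looking at, so the relying party has no way to tell a relayed approval from a direct one, which is exactly the gap the training in this post addresses.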
The Evolution of Security from "MFA Is Enough" to "MFA Plus Training"
The security community has historically viewed MFA as a near-complete solution to account compromise. The phrase "everyone should enable MFA" became a mantra. While MFA is certainly critical, it's increasingly clear that MFA alone is not sufficient. The threats have evolved faster than the deployment has.
Organizations that are building genuinely secure systems now recognize that MFA is necessary but not sufficient. They combine MFA deployment with training that ensures employees understand how to use MFA securely, what attacks target MFA, and what behaviors to avoid. They monitor for signs of MFA attacks—unusual approval patterns, rapid-fire MFA challenges, simultaneous logins from different locations—and respond rapidly. They create incident response procedures for MFA compromise.
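The velocity check mentioned under technical controls and the monitoring signals listed just above (rapid-fire MFA challenges, simultaneous logins from different locations) are straightforward to implement once sign-in events are in one place. The following is an added example, not code from the original post or from PhishSkill's platform. It runs a sliding-window prompt-bombing detector and an impossible-travel check over a constructed sign-in log, and includes the gate an IdP would apply before issuing another push. The log format, field names, usernames, IPs, and thresholds are all constructed for the example; real identity-provider logs carry the same information under different names.

```python
"""Detect MFA-abuse signals in sign-in logs and gate push challenges.

Added example; the log format and thresholds are constructed, not taken
from any product.
"""
from collections import defaultdict, deque
from datetime import datetime, timedelta, timezone

# Constructed sample sign-in log: one event per line, chronological order.
SAMPLE_LOG = """\
2024-05-01T09:00:01Z user=alice event=mfa_push result=denied ip=198.51.100.7 geo=RU
2024-05-01T09:00:09Z user=alice event=mfa_push result=denied ip=198.51.100.7 geo=RU
2024-05-01T09:00:14Z user=alice event=mfa_push result=timeout ip=198.51.100.7 geo=RU
2024-05-01T09:00:20Z user=alice event=mfa_push result=denied ip=198.51.100.7 geo=RU
2024-05-01T09:00:31Z user=alice event=mfa_push result=approved ip=198.51.100.7 geo=RU
2024-05-01T09:00:40Z user=alice event=login result=success ip=198.51.100.7 geo=RU
2024-05-01T09:05:00Z user=bob event=mfa_push result=approved ip=192.0.2.10 geo=US
2024-05-01T09:05:03Z user=bob event=login result=success ip=192.0.2.10 geo=US
2024-05-01T09:12:00Z user=carol event=login result=success ip=192.0.2.44 geo=US
2024-05-01T09:20:00Z user=carol event=login result=success ip=203.0.113.9 geo=BR
"""


def parse_log(text: str) -> list[dict]:
    """Parse 'timestamp key=value ...' lines into dicts with a UTC datetime."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, *fields = line.split()
        ev = {"ts": datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)}
        for field in fields:
            key, _, value = field.partition("=")
            ev[key] = value
        events.append(ev)
    return events


def detect_prompt_bombing(events, window=timedelta(seconds=60), threshold=4) -> dict:
    """Return {user: peak count} for users who received `threshold` or more
    push challenges within any `window`. Denied and timed-out prompts count
    too: the attacker only needs one approval, so the burst itself is the signal."""
    flagged = {}
    recent = defaultdict(deque)
    for ev in events:
        if ev["event"] != "mfa_push":
            continue
        q = recent[ev["user"]]
        q.append(ev["ts"])
        while q and ev["ts"] - q[0] > window:
            q.popleft()
        if len(q) >= threshold:
            flagged[ev["user"]] = max(flagged.get(ev["user"], 0), len(q))
    return flagged


def detect_impossible_travel(events, window=timedelta(minutes=30)) -> list:
    """Return (user, previous_geo, new_geo) for successful logins by the same
    user from two countries within `window`."""
    last_success = {}
    hits = []
    for ev in events:
        if ev["event"] != "login" or ev["result"] != "success":
            continue
        prev = last_success.get(ev["user"])
        if prev and prev["geo"] != ev["geo"] and ev["ts"] - prev["ts"] <= window:
            hits.append((ev["user"], prev["geo"], ev["geo"]))
        last_success[ev["user"]] = ev
    return hits


def should_send_push(prior_challenge_times, now, limit=3, window=timedelta(minutes=5)) -> bool:
    """Velocity check applied before issuing a push: refuse when `limit` challenges
    were already sent in the last `window`. A refusal is itself worth alerting on."""
    recent = [t for t in prior_challenge_times if now - t <= window]
    return len(recent) < limit


if __name__ == "__main__":
    evs = parse_log(SAMPLE_LOG)
    print("prompt bombing:", detect_prompt_bombing(evs))
    print("impossible travel:", detect_impossible_travel(evs))
    alice_prior = [e["ts"] for e in evs[:4]]
    print("allow 5th push to alice:", should_send_push(alice_prior, evs[4]["ts"]))
```

In the sample, alice's burst of five prompts in thirty seconds trips both the detector and the velocity gate (the fifth push, the one she finally approved, would not have been sent), and carol's logins from two countries eight minutes apart surface as impossible travel. Tune the window and threshold to your own IdP's normal retry behaviour before alerting on them.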
PhishSkill's MFA-specific training and simulations help employees understand how their MFA can be defeated and what behaviors protect them. Our simulations include AiTM phishing scenarios, prompt bombing attacks, and vishing attempts that teach employees to be skeptical of unexpected MFA challenges and to never provide MFA codes to anyone, regardless of who claims to be asking. As MFA becomes more widespread, understanding how to use it securely becomes increasingly critical. Let's talk about how to build a training program that transforms MFA deployment into genuine account protection.