The Division of Information Technology has enabled the Fraud Alerting feature through Microsoft Azure to enhance security measures for our Multi-Factor Authentication (MFA) process.
This enhanced security feature will protect you against a phishing attack called “MFA bombing”. This occurs when an attacker repeatedly initiates an MFA prompt in hopes to get the user to approve the request to compromise their account.
By enabling the fraud alerting feature, you will have the option to report the MFA request as fraud using the Microsoft Authenticator App on your device or the automated telephone system.
Mobile Device Microsoft Authenticator Notification
When the fraud alert feature is enabled, the initial request notification will look the same as it always has. If you select deny a secondary notification will show, asking if you want to report the fraud.
Reporting the attempt as fraud will notify the security team and stop further MFA prompts originating from the same source. As the user, you will also receive an email notification indicating there has been a Multi-factor Authentication Fraud Alert flagged for their account.
Phishing scams have surged in the last several years and it is each user's responsibility to remain diligent in order to protect the safety and security of our information. Remember, if you receive any suspicious emails or notice any odd behavior on your computer, please file a report immediately to Security@missouri.edu.