‘MFA Bombing’ examples include:
– Sending a bunch of MFA requests and hoping the target finally accepts one to make the noise stop.
– Sending one or two prompts per day. This method often attracts less attention, but “there is still a good chance the target will accept the MFA request.”
– Calling the target, pretending to be part of the company, and telling the target they need to send an MFA request as part of a company process.