Threat actors may attempt to bypass multi-factor authentication (MFA) mechanisms and gain access to accounts by generating MFA requests sent to users.
This type of attack technique cannot be easily mitigated with preventive controls since it is based on the abuse of system features.