This cyber evasion technique consists of someone attempting to access a corporate network as the user. They will have already gained the username and password credentials via a phishing link or fake website and the last hurdle they need to overcome is the second factor of security authentication. In most cases, the user would be sent notifications to approve the MFA request, this is done in a few ways;
If the user is tricked into believing that the request come from the company and clicks on the notification to approve it, then the threat actor can gain access to the organisation’s systems. Always be vigilante when approving these requests.