Cybercriminals are turning to a range of strategies to outmaneuver MFA. One such technique is session hijacking and OAuth token theft. Another type of hack is called an MFA fatigue attack. This describes attackers overwhelm users with MFA push notifications until they inadvertently approve fraudulent requests. Add to this MFA end-run attacks social engineering and AI deepfakes. AI-driven phishing and deepfake communications are becoming nearly indistinguishable from authentic interactions. Another tactic is called SIM swapping and MFA interception.