Multifactor authentication via SMS is vulnerable to bot attacks, potentially leading to high costs from automated account creations. To mitigate risks, it’s recommended to disable SMS MFA, implement stronger bot protection, or disable sign-ups. If attacked, quickly identify and delete bot-created accounts using Azure portal and PowerShell scripts to manage user identities.