Recent E-crime activity has highlighted a form of social engineering that everyone should be aware of: Attackers are using a technique called “Prompt-Bombing” to gain access to accounts protected by Multi-Factor Authentication. Multi-Factor Authentication is the extra step, usually text message, phone call or App approval, used to verify your identity when accessing your organization’s systems.
Simply being aware that this is a tactic used by attackers is the first step in protecting yourself.
What is “Prompt-Bombing”?
Prompt-Bombing is when an attacker relies on annoyance and frustration to get a user to answer “OK” or “Accept” to a prompt, granting access to an account or permission to run malicious software.
Prompt-Bombing is typically used once an attacker has already captured an employee’s username and password (through a phishing email, a password spray attack, or leaked credentials) and can use them to log into a system.
The attacker then generates multiple text messages, phone calls, or mobile notifications that genuinely come from the Multi-Factor Authentication system, with the objective of annoying the user into approving one of the requests and so letting the attacker into the account.
Sometimes the attacker sends a flood of notifications; other times the attacker waits for a key moment and sends just one or two requests.
If the person approves one of these requests in error, then the attacker could gain access to their account.
What can I do?
Report unusual prompts, calls, notifications, or texts to your IT team or your designated IT representative in your organization. Repeated Multi-Factor Authentication approval requests could indicate that your password is being used without your knowledge.
And most importantly, don’t approve Multi-Factor Authentication phone calls or notification prompts that you didn’t generate yourself by attempting to log in.
Additional Resources: