Recent E-crime activity has highlighted a form of social engineering that everyone should be aware of: Attackers are using a technique called “Prompt-Bombing” to gain access to accounts protected by Multi-Factor Authentication. Multi-Factor Authentication is the extra step, usually text message, phone call or App approval, used to verify your identity when accessing your organization’s systems.

 

Simply being aware that this is a tactic used by attackers is the first step in protecting yourself.

 

What is “Prompt-Bombing”?

 

Prompt-Bombing is when an attacker uses annoyance and frustration to try to get a user to answer “OK” or “Accept” to a prompt to provide access to an account or to run malicious software.

 

This method of Prompt-Bombing could be used if an attacker has captured an employee’s Username and Password to log into a system, via a phishing email, password spray attack, or leaked credentials.


The attacker then generates multiple text messages, phone calls, or mobile notifications that are legitimately from the Multi-Factor Authentication system with the objective of annoying the user into approving the requests, allowing the attacker to gain access to the account.

Sometimes the attacker will create lots of notifications, other times the attacker will just choose a key moment to send just one or two requests.

 

If the person approves one of these requests in error, then the attacker could gain access to their account.

 

What can I do?

 

Report unusual prompts, calls, notifications, or texts to your IT team or your designated IT representative in your organization. Repeated Multi-Factor Authentication approval requests could indicate that your password is being used without your knowledge.

 

And most importantly, don’t approve Multi-Factor Authentication phone calls or notification prompts that you didn’t generate yourself by attempting to log in.

Additional Resources:

Wired.com

Blackberry.com

Irritation: Cyber Crime’s new superpower?

Welcome!


If you are reading this guide, you are about to embark on a process that will help your organization harness the potential of technology to deliver your mission and best serve your community. Proactively planning for technology is about more than replacing old computers (although that might be part of your plan!). This process will help your organization fundamentally shift the way you approach technology investments toward greater mission achievement and community impact. It will identify opportunities for technology to help you control costs, reduce risk, raise funds, and empower staff.


Strategic technology planning – much like any strategic planning process – is a comprehensive look at the current state and the desired future state for your organization. If you just need some new computers, this may not be the right process. But if you are ready to treat technology as a mission-critical investment that can accelerate your organization’s impact, you are in the right place! Your nonprofit has much to gain from appropriately integrating technology into your operations, communications, fundraising, and service delivery. This guide offers step-by-step support to help you lead your organization through technology planning, resulting in a roadmap to smart technology use.



Acknowledgements


This guide has been produced through the generous support of the Rasmuson Foundation, a private foundation that works as a catalyst to promote a better life for Alaskans. Learn more at www.rasmuson.org. It was written and edited by Lindsay Bealko of Toolkit Consulting, who helps mission-minded organizations design creative communications, engaging education, and powerful programs. Learn more at www.toolkitconsulting.com.


Special thanks to Orion Matthews and Jeremiah Dunham of DesignPT for their substantial contributions to and reviews of this guide to make it as useful as possible to nonprofit organizations who are ready to harness the strategic potential of technology. Learn more and request help with your strategic technology plan at www.designpt.com.


Please help us improve our website by providing your feedback