Don’t fall for prompt bombing
A new form of social engineering known as “prompt bombing” uses multiple pop-up prompts to catch distracted users off-guard and cause them to bypass multi-factor authentication (MFA). This scam “bombs” the user with repeated pop-up notifications that must be selected, or a login process completed, to close. This gives the scammer access to the user’s account.
Prompts to enter login credentials should always be reviewed carefully and not followed unless you are logging in to your account using MFA. Repeated, unexpected pop-ups that ask for credentials are a red flag of potential prompt bombing and should be reported to your IT staff.
See our CTR Cyber page for cybersecurity internal controls including our guidance from the Cybersecurity and Infrastructure Security Agency on ransomware preparedness. Please contact [email protected] with any incidents or suspected incidents of fraud or cyber threats or if you need support from our Statewide Risk Management Team.