Falling for a Phish Can Lead to an MFA Bombing Attack

Phishing attacks are frequently carried out through emails or texts that appear to come from a reputable source. Cybercriminals are skilled at using deceitful tactics to trick users into revealing personal information such as logins or credit card information. Common phishing tactics include:

Unsolicited work opportunities that lead to requests for bank routing information, or ask the new “employee” to purchase supplies, with the promise of reimbursement
Messages warning of an imminent deactivation of your accounts, such as bank accounts, social media accounts, or subscription services
Emails allegedly from the IRS, FBI, or other federal agency threatening legal action, and directing you to imposter websites requiring you to enter personally identifying information
Urgent requests from fake email accounts impersonating a high-level person in your organization, asking you to purchase gift cards or submit your credit card information.

Pay close attention to any email asking for GatorLink login credentials. Unauthorized access to your GatorLink account can expose your personal or academic information. Once a GatorLink login is compromised, the attacker may repeatedly spam Duo Push requests to your device — otherwise known as “MFA Bombing” — hoping you will accept just to make the requests stop. Approving an unexpected Duo request gives the criminal access to your account. Visit the MFA bombing webpage to learn more about this form of cyberattack.