Stay Vigilant Against Duo Phishing Attacks
Apr 24, 2025
As cyber threats continue to evolve, it's crucial to stay informed and vigilant against phishing attacks, especially those targeting multi-factor authentication (MFA) systems like Duo. Phishing is a psychological attack used by cybercriminals to trick you into giving up sensitive information or to obtain access to your account. These attacks often masquerade as legitimate communications from trusted sources, making them particularly dangerous.
What To Do
- Install the Duo app on your mobile device and select the Duo Push option for authenticating.
  - Using Duo Push as your preferred authentication method is best practice, and it is also quick and easy.
  - Do not use SMS text or phone MFA with Duo, as these are more easily compromised and more vulnerable to phishing.
  - The app displays the location of the MFA login request, helping ensure that it’s you who is authenticating.
- Be cautious with Duo Security requests.
  - Review where the Duo request originated: is it your location?
  - Did you make the Duo request, and is the timing correct?
- NEVER approve unexpected authentication requests.
  - If your location and the timing of the request DON'T match, your credentials may have been compromised and it could be a Duo phishing attempt. Approving an unanticipated Duo request may grant a cybercriminal access to your account and data.
  - Reject the request and contact the Service Desk.
  - Be aware: cybercriminals may make repeated requests like these, sometimes with many requests in a very short period of time. This phishing method is known as an MFA (Duo) Fatigue Attack. The malicious actor is hoping you will hit “Approve” just to make the alerts go away. Don’t fall for this tactic: never hit “Approve” unless it’s you. Call the OIT Service Desk for immediate help if you experience this.
Protecting your personal data helps prevent the loss of sensitive university information and ensures your identity remains safe. By staying informed and cautious, you can help protect yourself and the university from phishing attacks. For more information, visit our Information Security and IT Compliance Duo Phishing Awareness webpage.