Duo 2FA Security Warning – False Authentication Requests are Phishing Attempts
Increase in Duo phishing attempts
The Technology Solutions Information Security Office has recently observed cyber security attacks targeting the UIC Community through credentials exposed in password dumps or via phishing.
“Password dumps” refers to a situation where an organization’s site is compromised and cyber attackers publish lists of usernames and passwords online where other attackers can source and use them for additional cyber attacks.
How cyber criminals can source UIC login info from third-party sites
Please note that these passwords are NOT stolen from UIC. However, in the event someone creates an account on a third-party website using their UIC email address as the username *and* uses the same password that they use at UIC, this creates a situation where real credentials are compromised. This is why we recommend that you NEVER use your UIC password on third-party websites.
Once attackers have these valid user credentials, they are able to enter them and get past the first line of defense to trigger repeated Duo 2FA (Two-Factor Authentication) prompts (via push notifications, SMS, and phone).
Their goal is to catch someone off guard or annoy them so much with repeated attempts that they hit “accept” to get the activity to stop. When someone accepts the fraudulent Duo 2FA request, they are then granting the attacker access to their account.
As a reminder, a Duo 2FA prompt will ONLY occur if you are trying to log into a system at that moment. If you are not logging into a UIC site and are not being informed that you will be prompted for Duo 2FA, DO NOT accept the request.
What to do if you receive a false Duo 2FA prompt
- If you receive unprompted 2FA authentication requests, DO NOT authenticate them. Change your password immediately. Please take a screenshot of the instance and forward it to our UIC Information Security Team at firstname.lastname@example.org.
- If you think you may have accepted an attacker’s false Duo 2FA prompts, or have been exposed to a phishing attempt via phone or email, please change your password immediately and contact the UIC Information Security Team at email@example.com.