Illinois MASSMAIL
     
   

Protect Against Two-Factor Phishing Attempts
June 26, 2024 12:07 PM

Dear Faculty and Staff,

The Office of the CIO cybersecurity team would like to notify faculty and staff of an important matter related to cybersecurity and Duo MFA, the University of Illinois’s multi-factor authentication (MFA) solution.  

What is happening? 
We have noticed an increase in compromised accounts through sophisticated attacks. Fraudulent emails, known as phishing, are a common way criminals steal NetIDs and passwords and gain access to your private information and university resources.  

Malicious actors have found ways to trick victims into giving away their multi-factor passcode or accepting a Duo push.  

What do I need to know? 
Once malicious actors steal your NetID and password, they try multiple tactics to break your MFA authentication.  

They repeatedly try to log in, bombarding your device with Duo MFA authentication requests, known as “MFA Fatigue.” Malicious actors hope to annoy you with so many authentication requests that you hit "Accept," or you might be tempted to turn off MFA entirely.  

Malicious actors may also mimic Duo login pages and ask you to enter a token. Do not enter a token if you normally use another method, and review this KB for additional attacks to be aware of.

What do I need to do?  
Never approve or accept a Duo MFA prompt you did not initiate or solicit, and be sure to:

  • Stay alert for unexpected and/or multiple Duo prompts. 
    Beware of unexpected and unsolicited MFA prompts. If you are unexpectedly prompted to use Duo in ways that deviate from your normal usage, this could be a sign that your password has been compromised. Change your password immediately.

  • Regularly review and update your Duo MFA settings. 
    Once a malicious actor accesses your account, it is possible for them to modify your 2FA settings to add their own device so that you are no longer alerted with prompts. It is critical that you regularly review your devices at identity.uillinois.edu to ensure that only relevant devices and updated numbers are tied to your account.

  • Change your password immediately. 
    You must immediately change your password to stop a Duo MFA phishing attempt. Once you change your password, the attacker will be kicked out of your account and can no longer send you authentication requests. Contact security@illinois.edu if this happens to you.

Where can I get support? 
Contact security@illinois.edu for additional assistance or visit Multi-Factor Authentication (MFA) and Device Management to learn more. 

Thank you.

Kim Milford 
Chief Information Security Officer, Deputy CIO 

   
     
   
This mailing approved by:
Office of the Vice Chancellor for Academic Affairs and Provost

sent to:
Academic Professionals, Civil Service & Faculty
   
     
 