
Dear Faculty and Staff, 

The cybersecurity team is seeing an increase in compromised accounts through sophisticated attacks, particularly related to Duo MFA, the University of Illinois’ multifactor authentication (MFA) solution. 

What is happening? 

Fraudulent emails, known as phishing, are a common way criminals steal NetIDs and passwords and gain access to your private information and university resources. 

Malicious actors have found ways to trick victims into giving away their multi-factor passcode or accepting a Duo Push. 

What do I need to know? 

Once malicious actors steal your NetID and password, they repeatedly try to log in, bombarding your device with Duo MFA authentication requests. This technique is known as "MFA Fatigue". Malicious actors hope to annoy you with so many authentication requests that you hit "Accept".

Malicious actors may also mimic Duo login pages that ask you to enter a token.

Do not enter a token if you normally use another method, and review this Knowledge Base (KB) article for additional attacks to be aware of.

What do I need to do? 

Never approve or accept a Duo MFA prompt you did not initiate or solicit, and be sure to:

  • Stay alert for unexpected and/or multiple Duo prompts. Beware of unexpected and unsolicited MFA prompts. If you are unexpectedly prompted to use Duo in ways that deviate from your normal usage, this could be a sign that your password has been compromised. Change your password immediately. 
  • Regularly review and update your Duo MFA settings. Once a malicious actor accesses your account, it is possible for them to modify your 2FA settings to add their own device so that you are no longer alerted with prompts. It is critical that you regularly review devices to ensure that only relevant devices and updated numbers are tied to your account at identity.uillinois.edu.
  • Change your password immediately. You must immediately change your password to stop a Duo MFA phishing attempt. Once you change your password, the attacker will be kicked out of your account and will no longer send you authentication requests. Contact security@uis.edu if this happens to you.

Where can I get support? 

Contact security@uis.edu for additional assistance or visit Multi-Factor Authentication (MFA) and Device Management to learn more. Thank you.

Information Technology Services

University of Illinois Springfield

techsupport@uis.edu

(217) 206-6000
