[ skip to content ]

More Information about this image

Aerial shot of campus showing Kaufman Mall, Webb Center and the quad in the background

Cybersecurity: 2FA Prompt Attacks

DUO Push Phishing

 

ODU is seeing attackers use phishing attacks to gain credentials, then attempt to login multiple times to have users inadvertently allow the DUO push prompt for 2-factor authentication.  Once a user accepts the DUO prompt, the attacker then has access to the account for a period.  Cyber criminals use this technique to bypass multi-factor authentication (MFA).  Universities are reporting this attack being successfully used.

 

Some attackers have sent a bogus login page with a field to enter a DUO passcode.

 

Do not do it!

 

How you can overcome push phishing:
 

Be mindful when approving DUO Push notifications. Some things to consider when you get a push on your phone:

       •    Is there anything unusual about the application that is displayed in the DUO prompt?

       •    Did you just attempt to access an application, or not?

       •    Where is the push request coming from? Check the location details provided with the push in the Duo Mobile app.


Know what to do if you suspect you’ve received a fraudulent push. Learn how to mark a Duo Push as fraudulent in this Knowledge Base article.

 

If you get a DUO prompt at a time when you are not actively authenticating to an ODU service, select “Deny” to the prompt, and change your MIDAS password promptly.

 

If you accidentally select “Yes” to a prompt that you did not initiate by attempting to login to an ODU service, report the incident immediately via ITSHelp@odu.edu , and change your MIDAS password promptly.

 

For more information on cybersecurity, please visit our awareness page at www.odu.edu/safecomputing.  Thank you for your diligence in maintaining a secure ODU computing environment!

 

J. Douglas Streit, CISSP

Executive Director & CISO

IT Security & Planning

Information Technology Services

Old Dominion University

http://www.odu.edu/directory/people/j/jstreit

https://odu.edu/safecomputing

 

Posted By: John Streit
Date: Fri Nov 25 07:11:15 EST 2022

Site Navigation

Presidential Inauguration

ODU commemorated the inauguration of President Brian O. Hemphill, Ph.D., during Homecoming Weekend 2022. Relive the historic weekend.

Fall Open House

It's time to fall in love with ODU! Join us for our last Open House event of the semester on Saturday, November 19.

Commencement 2022

Visit the Commencement Office for information on event times, caps & gowns, tickets and more!