Cybersecurity: 2FA Prompt Attacks
DUO Push Phishing
ODU is seeing attackers use phishing attacks to gain credentials, then attempt to login multiple times to have users inadvertently allow the DUO push prompt for 2-factor authentication. Once a user accepts the DUO prompt, the attacker then has access to the account for a period. Cyber criminals use this technique to bypass multi-factor authentication (MFA). Universities are reporting this attack being successfully used.
Some attackers have sent a bogus login page with a field to enter a DUO passcode.
Do not do it!
How you can overcome push phishing:
Be mindful when approving DUO Push notifications. Some things to consider when you get a push on your phone:
• Is there anything unusual about the application that is displayed in the DUO prompt?
• Did you just attempt to access an application, or not?
• Where is the push request coming from? Check the location details provided with the push in the Duo Mobile app.
Know what to do if you suspect you’ve received a fraudulent push. Learn how to mark a Duo Push as fraudulent in this Knowledge Base article.
If you get a DUO prompt at a time when you are not actively authenticating to an ODU service, select “Deny” to the prompt, and change your MIDAS password promptly.
If you accidentally select “Yes” to a prompt that you did not initiate by attempting to login to an ODU service, report the incident immediately via ITSHelp@odu.edu , and change your MIDAS password promptly.
For more information on cybersecurity, please visit our awareness page at www.odu.edu/safecomputing. Thank you for your diligence in maintaining a secure ODU computing environment!
J. Douglas Streit, CISSP
Executive Director & CISO
IT Security & Planning
Information Technology Services
Old Dominion University
http://www.odu.edu/directory/people/j/jstreit
Posted By: John Streit
Date: Fri Nov 25 07:11:15 EST 2022