Office of Information Technology reminds campus not to approve any unexpected DUO push notifications or share DUO passcodes

Published: May 25, 2023

Article body

Recently, OIT has observed an increase in fraudulent DUO push notification attempts and DUO passcode requests in an attempt to comprise university accounts.

As a reminder, please do not approve any DUO request that you did not initiate. If you have provided either your credentials or DUO passcodes or pushes, immediately change your passwords and send an email to infosec@auburn.edu. To help protect yourself and our university, below is a list of best practices and recommendations when using DUO.

  1. Never share your DUO codes or responses. Under no circumstances should you provide your DUO codes, responses or other authentication factors to anyone, including individuals claiming to be from OIT or university administration. OIT will never ask you for this information.

  2. Use DUO push notifications as the default instead of text messages, DUO codes or phone calls. When push notifications are your default DUO method, malicious actors requesting codes will be more obvious as not legitimate requests.

  3. Verify the legitimacy of DUO prompts: When receiving push notifications on your smartphone, carefully review the details and verify the push is from your authentication request. If something appears unusual or suspicious, do not proceed with the authentication process and report the request.

  4. Be aware of phishing attempts: Be cautious of emails, phone calls or messages requesting your DUO codes or personal information. Phishing attacks often attempt to imitate legitimate institutions or individuals. Always verify the sender's email address, hover over links to check their legitimacy and refrain from providing sensitive information unless you are certain of the source’s authenticity.

  5. Stay informed and seek assistance: Familiarize yourself with the latest security threats, techniques and best practices by regularly reviewing university communications and security awareness resources. A new 3-minute security module “Push It to the Limit: Push Notification Abuse” is available in the Training library.

By implementing these recommendations and remaining vigilant, we can collectively protect Auburn University and ourselves from cyber threats. Together, we can create a robust and secure environment for our university community and protect each other. Please contact the IT Service Desk vie email or 334-844-4944 with any additional questions or concerns.

Submitted by: Kelsey Prather