If you get a Duo notification out of the blue, it’s probably a scam.
If you get a Duo notification out of the blue, it’s probably a scam.
University of Oregon
Dear UO students, faculty, and staff,
For the past few weeks, the University of Oregon has again been experiencing a series of cyberattacks involving email phishing and Duo two-step login.
Cybercriminals have compromised 115 UO accounts, and used 28 of them to send more than 100,000 phishing emails to other UO students, faculty, and staff. We currently have no indications that the compromised Duck ID credentials have been used for anything more than sending phishing emails in an attempt to harvest more credentials.
The attackers know we're protecting our Duck ID accounts with Duo. If they steal a UO password, they will attempt to trick the user into approving a Duo prompt. The increasingly aggressive tactics of cybercriminals include the following, as reported by UO community members:
  • Multiple unexpected Duo push notifications in quick succession.
  • Text messages or phone calls asking for approval of a Duo verification request.
The UO Information Security Office has many protections in place against such attacks, but we still need your help:
  • Beware of any website that asks you to enter your username and password, especially if you got there by clicking a link in an email. UO IT staff will never ask for your password.
  • Take care before approving Duo verification requests. If you get a Duo notification out of the blue, it’s probably a scam.
A phone displays red X and green checkmark buttons.

Using Duo with Care

The only time you should approve a Duo verification request is when you're actively logging in to a Duo-protected UO service. We must all fight the temptation to automatically approve such requests.
If you get an unexpected Duo push notification, text message, or phone call, that means someone else is trying to log in with your Duck ID and password. If that happens:
  • Stop unauthorized use of your account by pressing 9 on a Duo phone call or Deny in the Duo Mobile app.
  • Duo should ask you if the login attempt was suspicious. Please choose Yes to report the fraudulent login attempt to Information Services and help us protect others.
  • Change your Duck ID password.
UO staff will never contact you out of the blue to ask you to approve a Duo verification prompt.
A fishing hook pulls a login window from a laptop.

Protecting Ourselves from Phishing

Be wary of suspicious emails from UO accounts. This wave of phishing messages is a great example of how cybercriminals often distribute phishing messages from UO accounts they've compromised.
People can report phishing emails through the Report Phish button in Outlook or by forwarding them to phishing@uoregon.edu.
More guidance about phishing is available in Around the O.
Want to get better at combating phishing emails? The Information Security Office now offers a brief online training: Introduction to Phishing. This 15-minute interactive module is available to everyone at the UO through our new cybersecurity awareness training platform, powered by Proofpoint.
To protect phishing victims, the UO Information Security Office will temporarily disable the account of anyone who has clicked a malicious link and potentially entered their credentials. To restore account access, users should contact the Technology Service Desk by phone at 541-346-4357 or by live chat.
If you have any questions or concerns, please contact the Tech Desk or the IT staff who support your unit.
The Information Security Office works to continuously improve the UO's defenses against cyberattacks, both by raising awareness and through technology such as Duo two-step login and URL link protection in email. But no matter what, a small percentage of scams will get through—so each of us still needs to stay vigilant to protect ourselves and those around us.
Sincerely,
José Domínguez
Interim Chief Information Security Officer
Information Services, 1225 Kincaid St., Eugene, OR 97403
P: 541-346-4357  •  https://is.uoregon.edu
You are being sent this message based on your affiliation with the University of Oregon.
This email was sent to .
To continue receiving our emails, please add us to your address book.
Unsubscribe
Having trouble viewing this email? View this email online.
Subscribe to our email list.