Staying vigilant against phishing attempts is crucial to safeguarding your UIC NetID and personal information. By following these steps and remaining aware of potential threats, you can significantly reduce the risk of falling victim to multi-factor authentication (MFA) phishing attacks.
Identifying Phishing Attempts
Understand the Strength of Two-Factor Authentication (2FA)
Protect Yourself Against Two-Factor Phishing Attempts
Recognize Phishing Techniques with Duo Universal Prompt
Be Wary of Repeated Login Attempts or Prompts
Look Out for Well-Done Fake Login Pages
Responding to Suspected Compromise
Identifying Phishing Attempts
Phishing attacks often begin with a link to a fake UIC login page.
Ensure that any link you click is a valid UIC.edu link.
Check the URL carefully. The valid link format is "https://two-step" on a UIC server, while a link such as "https://it.scam.you/UIC.edu" indicates a suspicious or fake site.
Understand the Strength of Two-Factor Authentication (2FA)
2FA combines what you know (login credentials) and what you have (your phone or another authentication device).
If a website attempts to bypass either element of 2FA, do not proceed and immediately contact the IT Security Office.
Protect Yourself Against Two-Factor Phishing Attempts
Fraudulent emails are commonly used to steal UIC NetIDs and passwords.
Even with two-factor authentication (2FA) enabled, attackers find ways to trick users into giving away their login credentials and then try to bypass 2FA.
Ignore any unexpected Duo (Two-Step Log-in) prompts unless you explicitly requested them.
Contact the IT Security Office if you receive Duo prompts via methods you don't normally use (e.g., automated phone calls instead of the Duo app).
Recognize Phishing Techniques with Duo Universal Prompt
After entering your NetID and password on a fake page, you may be asked to complete the two-factor authentication step.
Legitimate Duo Universal Prompts only appear on "duosecurity.com/" domains.
Ensure the web address contains "duosecurity.com/" to verify authenticity.
Phishing sites may offer only the "Enter a Passcode" option and display an unrecognized domain address, such as ".net/UIC.edu".
Be Wary of Repeated Login Attempts or Prompts
Attackers may make repeated login attempts to wear down your patience.
This is known as "MFA fatigue": after stealing your credentials, they repeatedly try to log in, hoping to trick you into hitting "accept" or turning off 2FA entirely.
If you receive excessive authentication requests, change your NetID password immediately. (Changing your password halts further authentication attempts by the attacker.) To change your university NetID password, refer to the instructions in "How can I change my existing university NetID password?"
Report such incidents promptly to the IT Security Office to mitigate risks effectively.
Look Out for Well-Done Fake Login Pages
Attackers create convincing fake UIC login pages to trick users into disclosing credentials.
Before entering login details, verify the URL in your browser's address bar.
Watch out for URLs ending with ".net/UIC.edu", which are indicative of fake sites. If you are in a hurry, you might look at the end of the URL, see "UIC.edu" and think that it is a legitimate site.
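The URL checks described above (valid UIC login links, the "duosecurity.com/" address of the Duo prompt, and the ".net/UIC.edu" trick) all come down to reading the host name and ignoring everything after it. The following is an added example, not part of the original page or of any UIC tooling; the function name classifyLoginUrl, the trusted-domain list built from the two domains the page names, and the constructed sample URLs are assumptions made for illustration.

```javascript
// Added example. Trusted domains are the two the page names; the sample
// URLs are constructed for illustration, not verified UIC addresses.
const TRUSTED_DOMAINS = ["uic.edu", "duosecurity.com"];

function classifyLoginUrl(raw) {
  let url;
  try {
    url = new URL(raw); // same parsing rules the browser address bar uses
  } catch (err) {
    return { trusted: false, host: null, reason: "not a valid absolute URL" };
  }
  if (url.protocol !== "https:") {
    return { trusted: false, host: url.hostname, reason: "not an https link" };
  }
  if (url.username || url.password) {
    // Text before an "@" is login info, not the site being visited.
    return { trusted: false, host: url.hostname, reason: "text before @ is not the host" };
  }
  // The parser lowercases the host; drop a trailing dot before comparing.
  const host = url.hostname.replace(/\.$/, "");
  // Match the whole host or a subdomain of it, always on a dot boundary.
  const domain = TRUSTED_DOMAINS.find((d) => host === d || host.endsWith("." + d));
  if (domain) {
    return { trusted: true, host, reason: "host is on " + domain };
  }
  // A trusted name after the first "/" is only a folder name on someone else's server.
  const rest = (url.pathname + url.search + url.hash).toLowerCase();
  const lure = TRUSTED_DOMAINS.find((d) => rest.includes(d));
  return {
    trusted: false,
    host,
    reason: lure ? lure + " appears only after the host" : "host is not on a trusted domain",
  };
}

const samples = [
  "https://two-step.uic.edu/login",         // constructed
  "https://it.scam.you/UIC.edu",            // the fake example from the page
  "https://portal.example.net/UIC.edu",     // constructed, ".net/UIC.edu" pattern
  "https://api-0000.duosecurity.com/frame", // constructed
];
for (const s of samples) {
  const r = classifyLoginUrl(s);
  console.log((r.trusted ? "OK      " : "SUSPECT ") + s + "  (" + r.reason + ")");
}
```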
Responding to Suspected Compromise
If you suspect your credentials have been compromised, contact the IT Security Office immediately.
The IT Security Office prefers to be informed about potential threats promptly to prevent data breaches.