Summary
Staying vigilant against phishing attempts is crucial to safeguarding your UIC NetID and personal information. By following these steps and remaining aware of potential threats, you can significantly reduce the risk of falling victim to multi-factor authentication (MFA) phishing attacks.
Body
Identifying Phishing Attempts
- Recognize the Attack Origin:
- Verify Links:
  - Ensure that any link you click is a valid UIC.edu link.
  - Check the URL carefully. The valid link format is "https://two-step" on a UIC server, while "https://it.scam.you/UIC.edu" indicates a suspicious or fake site.
Understand the Strength of Two-Factor Authentication (2FA)
- Enhanced Security:
- Critical Response:
Protect Yourself Against Two-Factor Phishing Attempts
- Understand the Threat:
  - Fraudulent emails are commonly used to steal UIC NetIDs and passwords.
  - Even with two-factor authentication (2FA) enabled, attackers find ways to trick users into giving away their login credentials and then try to bypass the second factor.
- Be Cautious of Unexpected Duo Prompts:
  - Ignore any unexpected Duo (Two-Step Log-in) prompt unless you explicitly requested it.
  - Contact the IT Security Office if you receive Duo prompts via methods you don't normally use (e.g., automated phone calls instead of the Duo app).
Recognize Phishing Techniques with Duo Universal Prompt
- Understanding Phishing Techniques:
  - After entering your NetID and password on a fake page, you may be asked to complete the two-factor authentication step.
  - Legitimate Duo Universal Prompts only appear on "duosecurity.com/" domains.
  - Check that the domain shown in the address bar is "duosecurity.com/" to verify authenticity.
  - Phishing sites may offer only the "Enter a Passcode" option and display an unrecognized domain address, such as ".net/UIC.edu".
Be Wary of Repeated Login Attempts or Prompts
- Recognize the Strategy:
  - Attackers may make repeated login attempts to wear down your patience.
  - This is known as "MFA Fatigue": after stealing your credentials, they repeatedly try logging in to trick you into hitting "Accept" or turning off 2FA entirely.
- Prevent "MFA Push Spam":
  - If you receive excessive authentication requests, change your NetID password immediately. (Changing your password halts further authentication attempts by the attacker.) To change your university NetID password, refer to the instructions: How can I change my existing university NetID password?
  - Report such incidents promptly to the IT Security Office to mitigate risks effectively.
Look Out for Well-Done Fake Login Pages
- Identify Fake Pages:
- Verify URLs Carefully:
  - Before entering login details, verify the URL in your browser's address bar.
  - Watch out for URLs ending with ".net/UIC.edu", which are indicative of fake sites. If you are in a hurry, you might look only at the end of the URL, see "UIC.edu", and think that it is a legitimate site.
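The URL check described above, written out as a small added example (not code from UIC or Duo): it reads the hostname the way a browser does, so "UIC.edu" appearing in the path, in the query, as a fake subdomain or before an "@" does not make the site trusted. The trusted domain list and the sample URLs are constructed for this illustration.

```python
from urllib.parse import urlsplit

# Domains the article names as the only legitimate places for a NetID login or a
# Duo Universal Prompt (assumed list for this example). Everything else is suspicious.
TRUSTED_DOMAINS = ("uic.edu", "duosecurity.com")


def host_of(url: str) -> str:
    """Hostname of a URL as a browser sees it: userinfo, port, path and query stripped."""
    parts = urlsplit(url.strip())
    if parts.scheme.lower() not in ("http", "https"):
        return ""
    # .hostname already lowercases and drops any "user@" prefix and ":port" suffix
    return (parts.hostname or "").rstrip(".")


def is_trusted_host(host: str) -> bool:
    """True only when host is a trusted domain or a subdomain of one (label boundary,
    so "fakeuic.edu" does not match "uic.edu")."""
    return any(host == d or host.endswith("." + d) for d in TRUSTED_DOMAINS)


def classify_login_url(url: str) -> str:
    """'trusted', 'lookalike' (a trusted name appears but not as the real host),
    'untrusted' (unrelated host) or 'invalid' (not a web URL at all)."""
    host = host_of(url)
    if not host:
        return "invalid"
    if is_trusted_host(host):
        return "trusted"
    if any(d in url.lower() for d in TRUSTED_DOMAINS):
        return "lookalike"
    return "untrusted"


if __name__ == "__main__":
    # Constructed sample URLs; only the first two have a genuinely trusted host.
    samples = [
        "https://login.uic.edu/",                 # constructed, trusted host
        "https://api-example.duosecurity.com/",   # constructed, trusted host
        "https://it.scam.you/UIC.edu",            # article's example: "UIC.edu" is the path
        "https://phish.example.net/UIC.edu",      # the ".net/UIC.edu" pattern
        "https://uic.edu.attacker.example/",      # trusted name as a fake subdomain
        "https://fakeuic.edu/",                   # ends in "uic.edu" but is not a subdomain
        "https://login.uic.edu@it.scam.you/",     # trusted name before "@" is only userinfo
    ]
    for url in samples:
        print(f"{classify_login_url(url):10s} {url}")
```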
Responding to Suspected Compromise
- Immediate Action:
- Proactive Approach: