Protect Yourself Against a Two-Factor Phishing Attempt

Despite the presence of two-factor authentication, criminals have devised methods to deceive users into surrendering their login details through phishing attacks or other types of spam email.

Repeated Duo Attempts and Prompts

Beware of unexpected Duo Multi-Factor Authentication (MFA) prompts. Ignore them unless you’re sure you requested them. If you are unexpectedly prompted to use Duo in a way you’re unfamiliar with, ignore it and contact ITS Client Services. For example, if you usually use your smartphone’s Duo app, but you instead get a Duo automated phone call or are prompted to enter a passcode, ignore it.

Be Wary of Repeated Login Attempts or Prompts

Another technique criminals use to get through your defenses is chipping away at your patience. In an attack called “MFA Fatigue”, they start by stealing your NetID and password, then try to log into your account over and over again. You get so many authentication requests on your phone that you might accidentally hit “accept” instead of “deny”.

The best way to stop this "MFA push spam" is to change your NetID password on the compromised account. Once you change your password, the attacker can no longer send you the authentication request. Contact ITS Client Services if this happens to you.
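The pattern described above (a burst of push prompts that are denied or time out, sometimes followed by an accidental approval) is also visible on the authentication-log side. The following is an added example, not part of this article or of Duo's tooling, showing how a help desk or security team could flag push spam in a log. The log format below is constructed for the example (a generic timestamp plus key=value fields), not Duo's real log schema, and the user names are made up.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample lines (not a real Duo log): one push prompt per line.
# "jdoe" receives four unanswered prompts in under two minutes and then
# approves one, which is the "accidental accept" case the article warns about.
SAMPLE_LOG = """\
2024-06-25T14:00:05Z user=jdoe method=push result=denied
2024-06-25T14:00:41Z user=jdoe method=push result=timeout
2024-06-25T14:01:10Z user=jdoe method=push result=denied
2024-06-25T14:01:55Z user=jdoe method=push result=denied
2024-06-25T14:02:30Z user=jdoe method=push result=approved
2024-06-25T14:05:00Z user=asmith method=push result=approved
2024-06-25T16:00:00Z user=asmith method=push result=denied
"""


def parse_line(line: str) -> dict:
    """Split a constructed log line into a dict with a parsed timestamp."""
    ts_str, *fields = line.split()
    rec = {"ts": datetime.strptime(ts_str, "%Y-%m-%dT%H:%M:%SZ")}
    for field in fields:
        key, _, value = field.partition("=")
        rec[key] = value
    return rec


def find_push_fatigue(log_text: str, threshold: int = 3,
                      window: timedelta = timedelta(minutes=5)) -> dict:
    """Flag users who received `threshold` or more unanswered (denied/timeout)
    push prompts inside a sliding `window`. The returned entry records the
    largest burst seen and whether a prompt was approved during a burst, which
    is the case that needs an immediate password change and a call to ITS."""
    recent = defaultdict(deque)   # per-user (timestamp, result) inside the window
    alerts = {}
    for line in log_text.splitlines():
        if not line.strip():
            continue
        rec = parse_line(line)
        if rec.get("method") != "push":
            continue
        user = rec["user"]
        q = recent[user]
        q.append((rec["ts"], rec["result"]))
        # Drop prompts older than the window relative to the newest one.
        while q and rec["ts"] - q[0][0] > window:
            q.popleft()
        unanswered = sum(1 for _, result in q if result != "approved")
        if unanswered >= threshold:
            entry = alerts.setdefault(user, {"prompts": 0, "approved_after_burst": False})
            entry["prompts"] = max(entry["prompts"], len(q))
            if rec["result"] == "approved":
                entry["approved_after_burst"] = True
    return alerts


if __name__ == "__main__":
    for user, info in find_push_fatigue(SAMPLE_LOG).items():
        print(f"{user}: {info['prompts']} prompts in window, "
              f"approved during burst: {info['approved_after_burst']}")
```

The threshold and window are tunable; the point is that a legitimate user rarely generates several denied or timed-out pushes in a few minutes, so a burst is a strong signal that someone else holds the password, and a burst ending in an approval is the case to escalate first.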

Look Out for Well-Done Fake Login Pages

Criminals may also trick you into giving them a legitimate MFA verification code by making you believe you're using a legitimate UIS site. They send you an email with a link to a fake uis.edu login page. Even though the page looks like the real site, the URL is the clue that something's not right. For links that take you to a login page, triple-check the URL in your browser's address bar, or navigate to the page on your own.

This fake login page tries to trick you, and its URL is phishingwebsite.com. It might not always be this obvious: another trick criminals use is to add “uis.edu” to the end of the address, such as “phishingwebsite.com/uis.edu”.

[Image: Phishing website]

Once you enter your NetID and password on this fake page, you are asked to complete the two-factor authentication step. Normally Duo will use the method you used most recently, or the method you have chosen from the Other Options list of methods. 

A phishing site will offer you ONLY the Enter a Passcode option and will have an address from an unrecognized website domain.

The Duo Universal Prompt will only appear on the duosecurity.com web domain.
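The two checks the article asks you to make by eye (is the login page really on uis.edu or uillinois.edu, and is the Duo prompt really on duosecurity.com) come down to one question: what is the host part of the URL, as opposed to anything that merely appears later in the address? The following is an added example, not code from this article or from Duo, that extracts the host and compares it against the domains the article names. It handles the “phishingwebsite.com/uis.edu” trick from above and, going slightly beyond the text, two related ones: a trusted name placed as a subdomain of an attacker's domain, and a trusted name placed in the user-info part before an @. The sample URLs are constructed for the example.

```python
from urllib.parse import urlsplit

# Domains the article names as legitimate for UIS logins and for the Duo prompt.
TRUSTED_DOMAINS = ("uis.edu", "uillinois.edu", "duosecurity.com")


def url_host(url: str) -> str:
    """Return the lowercase hostname of a URL, ignoring any user-info before '@',
    any port, and everything after the first '/'. A link pasted without a
    scheme ("phishingwebsite.com/uis.edu") is treated as https."""
    url = url.strip()
    if not url:
        return ""
    if "://" not in url:
        url = "https://" + url
    host = urlsplit(url).hostname or ""   # hostname is already lowercased
    return host.rstrip(".")


def is_trusted_login_url(url: str) -> bool:
    """True only if the host IS a trusted domain or a subdomain of one.
    Anything that merely contains a trusted name elsewhere is rejected."""
    host = url_host(url)
    if not host:
        return False
    return any(host == d or host.endswith("." + d) for d in TRUSTED_DOMAINS)


def explain(url: str) -> str:
    """One-line verdict a user could compare against what the address bar shows."""
    verdict = "trusted" if is_trusted_login_url(url) else "UNTRUSTED"
    return f"{verdict}: host is '{url_host(url)}' for {url}"


if __name__ == "__main__":
    # Constructed examples; only the first and last hosts are legitimate.
    for u in (
        "https://login.uis.edu/",
        "https://phishingwebsite.com/uis.edu",          # the trick from the article
        "https://uis.edu.phishingwebsite.com/login",    # trusted name as a subdomain
        "https://uis.edu@phishingwebsite.com/login",    # trusted name before '@'
        "https://api-example.duosecurity.com/frame/",   # constructed Duo-style host
    ):
        print(explain(u))
```

Matching on the host with a leading dot (`"." + d`) is what makes the subdomain case come out right: `uis.edu.phishingwebsite.com` ends in `.phishingwebsite.com`, not in `.uis.edu`, so it is rejected even though it starts with the trusted name.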

[Image: Phishing MFA]

Graphically, everything looks legitimate, so you go to your phone, get the Duo passcode, enter it into the website, and click “Verify”.

You’ve now been phished.

The criminal has:

  • Your NetID
  • Your password
  • A legitimate Duo code that they can use to log in to your account

The strength of two-factor authentication lies in what you know (your login credentials) and what you have (your phone). If a website tries to bypass one or the other, then do not continue and contact ITS Client Services.

If you think your credentials have been compromised, contact ITS Client Services right away. Criminals keep trying different ways to steal data, and ITS would rather see an old phish than miss a new one.

You’ll notice that this kind of attack originates with the link to the fake UIS login page. That’s why it’s so important to make sure the link you click is a valid UIS link with the uis.edu or uillinois.edu domain.

Report Suspicious Email

If you receive a suspicious email with login prompts or asking for other personal information, report the message using methods found here.

Options include:

  1. Using the built-in Proofpoint for Outlook Add-in
  2. Forwarding the suspicious email as an attachment to security@uis.edu

Other

To share feedback about this page or request support, reach out to ITS Client Services.

More info on how to spot fraudulent emails here.


Details

Article ID: 2866
Created
Tue 6/25/24 2:51 PM
Modified
Tue 6/25/24 4:04 PM