IT Security Advisory: Beware of Fraudulent Duo Prompts
A new level of phishing attack is currently being launched against Boston University and several other institutions across the country. This attack exploits some Duo multi-factor authentication options and typically begins as an email with a generic subject, such as “An important message from BU.” The message contains a link that takes you to what looks like the BU WebLogin page but, on closer inspection, does not have the correct bu.edu address or a secure (https) connection. If you enter a BU login name and password, you are then directed to a fake Duo authentication page that asks you to generate and enter a passcode. If you respond, the attacker will gain control of your account.
Two-factor authentication remains the most effective mechanism to deter the use of stolen passwords. However, there will always be bad actors looking to break through even the most robust defenses. For more information and tips on how to protect your account and keep Boston University secure and protected, click here.