Stop! A DUO Push You Didn't Initiate

Hello UMBC Community,

We rely on Duo two-factor authentication to protect our accounts, and it's an excellent defense. However, cybercriminals are always looking for new ways to get past our security. This week's topic is all about what to do if you receive a Duo push notification you didn't initiate.

You're working on your computer, not logging into anything new, and suddenly your phone buzzes with Duo push notifications, including SMS texts or phone calls from Duo. What's happening? This is likely an attacker who has obtained your password and is attempting to bypass Duo to access your account.

Your immediate action is critical.

• Do NOT Approve It: The most important thing is to never approve a Duo push notification you did not initiate. Approving it will give the attacker access to your account.

• Deny the Request: Decline the request on your phone.

• Report as Fraudulent: If you can, mark the notification as fraudulent.

• Change Your Password: Immediately change your password on a trusted device or computer. This will invalidate the password the attacker is using.

Remember, a Duo push notification is like a digital handshake. You must be the one to initiate it. If someone else is trying to shake your hand, don't approve the connection!

If you received a Duo push notification you did not initiate, deny the request, change your password, and immediately report the event to the security team at security@umbc.edu. Your report helps protect everyone!

Stay safe out there.

• Attached Image for Stop! A DUO Push You Didn't Initiate
• Attached Flyer for Stop! A DUO Push You Didn't Initiate
• Attached Image for Stop! A DUO Push You Didn't Initiate