2-Step with Duo Fraud Awareness
If you receive a Duo verification to log into a service you did not initiate, an attacker has your credentials and is trying to trick you into providing access to your account. You have the power to stop them!
Deny the request and say Yes when asked if this was a suspicious login. This keeps attackers from accessing your account. It will also alert ITS to the incident and initiate an investigation
Reset your password. This prevents attackers from getting back in. It should also stop additional Duo verifications
Not sure if that Duo verification is suspicious? These clues can help:
Are you logging into a Duo-protected service? If not, deny and reset your password
Is the timestamp on the Duo verification consistent with a login you initiated? If not, deny and reset your password
Is the geolocation on the Duo verification consistent with your location? Depending on your network, this may reflect a neighboring town or city. It should not reflect a distant location, such as another state or country
Don't be a victim of phishing scams! Enhance your awareness
Watch your step; don’t fall for fraud!
Always deny a Duo verification you did not initiate
Create unique, strong passwords for all your online accounts. When cybercriminals don’t know your password, they can’t ask you to approve Duo notifications
If you receive a verification for any non-UAlbany account you did not initiate, change your password for the account