2-Step with Duo Fraud Awareness

Owned by
Former user (Deleted)
Last updated: Jan 06, 2023 by
Trubitt, Lisa V
1 min read

If you receive a Duo verification to log into a service you did not initiate, an attacker has your credentials and is trying to trick you into providing access to your account. You have the power to stop them!

  1. Deny the request and say Yes when asked if this was a suspicious login. This keeps attackers from accessing your account. It will also alert ITS to the incident and initiate an investigation

  2. Reset your password. This prevents attackers from getting back in. It should also stop additional Duo verifications

Not sure if that Duo verification is suspicious? These clues can help:

  • Are you logging into a Duo-protected service? If not, deny and reset your password

  • Is the timestamp on the Duo verification consistent with a login you initiated? If not, deny and reset your password

  • Is the geolocation on the Duo verification consistent with your location? Depending on your network, this may reflect a neighboring town or city. It should not reflect a distant location, such as another state or country

  • Don't be a victim of phishing scams! Enhance your awareness

Watch your step; don’t fall for fraud!

  • Always deny a Duo verification you did not initiate

  • Create unique, strong passwords for all your online accounts. When cybercriminals don’t know your password, they can’t ask you to approve Duo notifications

  • If you receive a verification for any non-UAlbany account you did not initiate, change your password for the account