What to do when you receive an unexpected Duo authentication request
Deny an unexpected Duo authentication request and report it immediately
Never approve an authentication request from Duo if you have not been attempting to log in to a UM service or resource. Duo authentication requests are sent by Duo Push notification, text message or phone call when you try to log in to a university service.
Duo multi-factor authentication works as another layer of security. If scammers get a hold of your login information through either a phishing email or a security breach, they will try to access your account by triggering a Duo push using your credentials, hoping you will approve it. Once you have approved a fraudulent Duo push, you will not know when your account is being accessed.
What you can do
If you receive an unexpected Duo Push request:
- “Deny” the request. When you select “Deny,” you prevent the authentication request from being completed.
- After you deny the request, please report it by selecting “It seems fraudulent” from the list of reporting options. Note: If for any reason you “Deny” a Duo request that your own login activity triggered, select the “It was a mistake” reporting option.
- Change your password in signUM immediately.
Never approve a Duo authentication request from an unexpected phone call or text message.
If you accidentally approve an unexpected Duo authentication request, report it to the IST Service Desk (204-474-8600) as soon as possible. The Information Security and Compliance team will work with you to secure your account and investigate the activity.
Remember: Information Security Starts with You!