This past weekend, a member of our campus community had their password compromised and a bad actor attempted to log in using his credentials. When DUO notified him of the login and asked whether to Approve or Deny, he took a moment to realize:
1.) he didn’t initiate the login and
2.) the IP address of the login was in Nigeria. He denied the push and notified the Office of Cybersecurity.
Everyone in our campus community should be prepared for a cyber attack, hence why Information Security Training is required. DUO is just one of many controls we have in place to stop threats. If you did not initiate a DUO Push, do not hesitate to deny that push. Contact the Office of Cybersecurity immediately at email@example.com so we can begin an investigation. You will also need to change your password and security questions. Helpful information can be found on the Passwords page as well as the DUO page.