DUO Fatigue, or MFA (multi-factor authentication) fatigue occurs when you’ve gotten so used to hitting “Accept” when a push comes through, you do it automatically even if you don’t initiate the push. It also occurs when you are bombarded with push notifications and you just want it to stop, so you finally accept it. Both scenarios are usually bad actors who already have your compromised credentials and need to get through that final layer of protection to get to your information.
Our campus and other UT campuses have seen a rise in these attacks, so BE CAUTIOUS in accepting DUO pushes.
For the past few months, we have seen a rise in attacks targeting people’s direct deposit information for payroll. Here is what happens:
- Credentials are stolen, sometimes by guessing weak passwords or through a phishing attack.
- The bad actors log in, which initiates a DUO push to the user. Either because of continual pushes or because the user is not paying attention, they accept the push, letting the bad actors in.
- The bad actors then add their own device to DUO so going forward, they will get push notifications instead of the legitimate UT person.
- The bad actors get into the email account of the UT person and make a forwarding rule so any communication they initiate is forwarded to them and the UT person never sees it.
- And then they hit where it hurts the most. They change to banking information for that person’s direct deposit for payroll, so that hard-earned money goes to the bad actor’s account. Since all email notifications about the change are forwarded to the bad actors, the UT person doesn’t know until they don’t get the money in their account.
All because they accepted a DUO Push they didn’t ask for. This isn’t a fake scenario to scare you. This has happened to multiple people in our community.
DO NOT ACCEPT A DUO PUSH UNLESS YOU START THE REQUEST! Reject the push. If you start to get constant push notifications, contact the ITS Service Desk (901.448.2222) and let us know you might be under attack.