Beware of Multi-factor Authentication Scams

Multi-factor authentication is an important capability that helps secure the login process. At U-M, we utilize Duo two-factor authentication.

As with any other part of a login process, threat actors try to find a way to steal any information they need to log in to accounts. In terms of Duo authentication, that typically means they try to get users to approve a notification or steal a Duo passcode.

Tips to avoid getting caught by Duo scams:

  • Don’t share Duo passcodes – Only enter a Duo passcode in the official Duo prompt (e.g., never in a text message or Google form).
  • Deny unexpected Duo notifications – If you get a notification when you aren’t trying to log in, deny it and click “I’m not logging in.” It may indicate your password is compromised. Change your password ASAP.

While the Duo 3-digit verification code step recently implemented provides an additional level of security, which is intended to reduce the likelihood of this type of scam, it is important to remain vigilant in protecting your accounts.

Learn more about Multi-factor Authentication Scams, including how to report them and what to do if you get caught.

Stay informed about other Common Scams on the Safe Computing website.