Illustrative screenshot.

Do Not Approve Unexpected DUO Prompts

Quick Summary

  • If you receive a Duo push that you did not initiate (i.e., you were not attempting to log into a campus system) DO NOT approve it.
  • If you receive multiple unsolicited Duo prompts you did not initiate, you should change your campus passphrase at https://computingaccounts.ucdavis.edu.

If you receive a Duo push that you did not initiate (i.e., you were not attempting to log into a campus system) DO NOT approve it.

In some cases, users may receive many unsolicited Duo pushes—Duo authentication prompts on your phone, SMS messages, or even phone calls from Duo—in a short time. If this happens to you, it is a strong indication that your UC Davis passphrase has been compromised and that you should change your campus passphrase as soon as possible, which you can do at https://computingaccounts.ucdavis.edu.

The campus Security Operations Center (SOC) reports that there have been a flood of attempts to compromise the accounts of UC Davis users since yesterday. In cases where the attackers have the accurate UC Davis username and passphrase for a user, each attempt that the attackers make to log into an account will generate a Duo push to the victim.
Attackers will often continue trying to log in to the victim’s account with the intention of generating so many Duo prompts that the victim will eventually just approve one. This attack technique is referred to an “MFA fatigue attack.” If you receive multiple unsolicited Duo prompts, you should change your campus passphrase at https://computingaccounts.ucdavis.edu.

Primary Category

Secondary Categories

Security