The Lehigh University Information Security Team wants you to be aware of a new level of phishing attack that is currently being launched against some colleges, universities, and several other institutions across the country. This attack exploits some Duo two-factor authentication options. Please review this alert carefully.

What to watch for

  • The attacks will typically begin as an email with a generic subject, such as “An important message from LU,” containing a link which takes you to what looks like a Lehigh login page but, upon closer inspection, does not have the correct lehigh.edu address, nor does it have a secure (https:\\) connection.
  • If a Lehigh username and password are entered, you are then directed to a fake Duo authentication page asking you to generate and enter a passcode.
  • If you respond, the attacker will gain control of your account.

How to protect yourself

Use Duo effectively

  • Whenever possible, use Duo Push through the mobile app – it is the most secure and flexible option.
  • The Duo 2FA prompt will ONLY occur if you are trying to log into a system at that moment. If you are not logging into a Lehigh site and are not being informed that you will be prompted for Duo 2FA, DO NOT accept the request. NEVER authorize a prompt or call you did not initiate. Instead, click Deny on the app (or hang up if called).
  • Never provide another person with a Duo authorization passcode.

Look at the link

  • Before clicking on any link, verify the link by hovering over it to display the destination web address.
  • Be suspicious of any email with a link that takes you directly to an authentication page.
  • Verify that any site asking for authentication via the web uses a lehigh.edu address.
  • The URL should always start with https://. The “s” in the prefix indicates a secure site.

If you clicked on a link and provided your password, or approved a Duo prompt you did not initiate:

Sincerely,

Eric Zematis, CISSP, CISM, PMP
Chief Information Security Officer