The Lehigh University Information Security Team wants you to be aware of a new level of phishing attack that is currently being launched against some colleges, universities, and several other institutions across the country. This attack exploits some Duo two-factor authentication options. Please review this alert carefully.
What to watch for
- The attacks will typically begin as an email with a generic subject, such as “An important message from LU,” containing a link which takes you to what looks like a Lehigh login page but, upon closer inspection, does not have the correct lehigh.edu address, nor does it have a secure (https://) connection.
- If a Lehigh username and password are entered, you are then directed to a fake Duo authentication page asking you to generate and enter a passcode.
- If you respond, the attacker will gain control of your account.
How to protect yourself
Use Duo effectively
- Whenever possible, use Duo Push through the mobile app – it is the most secure and flexible option.
- The Duo 2FA prompt will ONLY occur if you are trying to log into a system at that moment. If you are not logging into a Lehigh site and are not being informed that you will be prompted for Duo 2FA, DO NOT accept the request. NEVER authorize a prompt or call you did not initiate. Instead, click Deny on the app (or hang up if called).
- Never provide another person with a Duo authorization passcode.
Look at the link
- Before clicking on any link, verify the link by hovering over it to display the destination web address.
- Be suspicious of any email with a link that takes you directly to an authentication page.
- Verify that any site asking for authentication via the web uses a lehigh.edu address.
- The URL should always start with https://. The “s” in the prefix indicates a secure site.
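The two link checks above (https, and a host that really belongs to lehigh.edu) are easy to get wrong by eye, because a lookalike such as lehigh.edu.login-portal.example or lehigh.edu@login-portal.example contains the genuine name. The following Python function is an added illustration written for this alert, not code from Lehigh's security team: it applies exactly those two checks to a hovered-over link, and the sample URLs at the bottom are constructed for the demonstration.

```python
from typing import Tuple
from urllib.parse import urlsplit

# Legitimate login domain named in the alert above.
TRUSTED_DOMAIN = "lehigh.edu"


def check_login_url(url: str, trusted_domain: str = TRUSTED_DOMAIN) -> Tuple[bool, str]:
    """Apply the alert's two link checks to a URL.

    Returns (ok, reason). ok is True only when the link uses https and its
    host is the trusted domain itself or a subdomain of it.
    """
    try:
        parts = urlsplit(url.strip())
    except ValueError:
        return False, "malformed URL"

    # Check 1: the address should start with https://
    if parts.scheme.lower() != "https":
        return False, f"scheme is '{parts.scheme or 'none'}', not https"

    # .hostname drops any 'user@' prefix, the port and IPv6 brackets and
    # lowercases the result, so 'https://lehigh.edu@evil.example/' is seen
    # as evil.example, not as lehigh.edu.
    host = parts.hostname
    if not host:
        return False, "no host in URL"
    host = host.rstrip(".")  # 'lehigh.edu.' and 'lehigh.edu' name the same host

    # Check 2: the host must be lehigh.edu or end in '.lehigh.edu'. A plain
    # substring test would wrongly accept 'lehigh.edu.evil.example'.
    if host == trusted_domain or host.endswith("." + trusted_domain):
        return True, f"host {host} is within {trusted_domain}"
    return False, f"host {host} is not within {trusted_domain}"


# Constructed sample links for the demonstration; none of these is a real
# phishing URL from the alert.
SAMPLE_LINKS = [
    "https://www.lehigh.edu/account",
    "http://www.lehigh.edu/login",
    "https://www.lehigh.edu.login-portal.example/duo",
    "https://lehigh.edu@login-portal.example/duo",
    "https://lehigh-edu.example/login",
]

if __name__ == "__main__":
    for link in SAMPLE_LINKS:
        ok, reason = check_login_url(link)
        print(f"{'OK     ' if ok else 'REJECT '} {link}  ({reason})")
```

Only the first sample passes; the other four fail for the reasons the alert lists (no https, or a host that merely contains the word lehigh.edu rather than belonging to it).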
If you clicked on a link and provided your password, or approved a Duo prompt you did not initiate:
- Change your Lehigh password immediately at https://www.lehigh.edu/account.
- Contact the Lehigh Information Security Team at email@example.com.
Eric Zematis, CISSP, CISM, PMP
Chief Information Security Officer