Beware of phishing: Watch out for Duo push and phone call attacks

Kansas State University stores and manages a large amount of confidential information, making it a target for cybercriminals who seek to steal that data through phishing attacks. To safeguard your personal information, K-State uses Duo two-factor authentication. Duo adds an extra layer of security by requiring a secondary device to verify your identity. All K-State students, faculty, staff and anyone with a K-State email address or VPN access must use Duo.

Cybercriminals are constantly adapting their strategies, and one of the latest tactics involves spamming Duo push notifications or verification phone calls. In this method, attackers rapidly send multiple Duo push notifications to a user's phone. They aim to overwhelm and annoy the user into entering a verification code to stop the alerts. If a user accidentally verifies a request, the attacker can gain full access to their account.

Duo spam phone calls are similar to the push notification tactic. In this approach, cybercriminals repeatedly send text messages that prompt users to enter their verification code on a malicious website or to provide it over the phone.

If you receive an unexpected Duo push notification or phone call and are not actively logging in, do not approve it. An unexpected notification or phone call could mean someone else has your password and is attempting to access your account. Instead, report the incident to the IT Service Desk at 785-532-7722 or 800-865-6143.

A phishing attack occurs when criminals impersonate trusted campus entities, such as the IT department or faculty members, to trick students and staff into revealing sensitive information like usernames, passwords or financial details. These often occur through deceptive emails, texts or websites. Such attacks can compromise accounts, facilitate identity theft, or grant unauthorized access to institutional systems, posing significant personal and institutional security risks.

October is National Cybersecurity Month, and everyone needs to stay vigilant. The information that criminals are trying to steal could belong to you.

To learn more about phishing scams and how to stay safe online, visit K-State's cybersecurity website.

Submitted by Division of Information Technology
