DUO Fatigue Attacks

Figure 1

**ACTIVE SCAM ALERT**

Ìýprovides extra protection for your accounts since it requires TWO methods of verification (your login information and your secondary device). However, if cyber criminals gain access to your login information (username and password), they can trick you into giving them access to your account through a technique called Multi-Factor Authentication Fatigue. Don’t fall victim to this scam.

IMPORTANT:

Unless you are trying to log in, NEVER approve a DUO notification.

Ìý

Signs of a Multi-Factor Fatigue Attack

In each of the below instances, the criminal is trying to get you to approve the request either by accident, when you’re not paying attention, or when you’re asleep and just want your phone to stop buzzing. They are trying to catch you off-guard:

  • Repeated DUO phone calls or Mobile push notifications to approve sign in when you are not signing in.
  • Repeated DUO approval requests from any method during the late evening or very early morning (e.g. 11pm - 4am).

How to Stop a Multi-Factor Authentication Attack

  • - MFA attacks can only occur if the criminal already has your login information.

Get Help

If you have any questions, or think you’ve been the victim of one of these scams, please contact IT Security at security@bc.edu.