Unexpected Duo Requests

If you receive a DUO push or call that you did not initiate (i.e., you were not attempting to log into a campus system), DO NOT approve it, change your password, and report it to TTS by calling 617-627-3376 or emailing it@tufts.edu.

What's happening 

Tufts has been observing a significant increase in attempts to compromise user accounts which has resulted in changes to direct deposit information. When attackers log in with a user’s ID and password, a Duo prompt is initiated. If you accept the Duo prompt, you will grant the attackers access to your account. In some cases, this will happen repeatedly until a prompt is approved out of fatigue or by mistake.

What to do 

• Only accept Duo prompts that were initiated by YOU logging in to a service.  
• If you receive a push notification and were not attempting to log in to a service, decline the push and report as a suspicious login.
• If you receive a phone call and were not attempting to log in to a service, press 9 to decline and report as fraud. 
• Always report unexpected Duo prompts to TTS, and immediately change your password.

If you believe you have fallen victim to one of these scams and approved the DUO request, you should immediately report it to the Service Desk by calling 617-627-3376 or emailing it@tufts.edu.