Unexpected Duo Requests

If you receive a DUO push or call that you did not initiate (i.e., you were not attempting to log into a campus system), DO NOT approve it. 

What's happening 

Tufts has been seeing a significant increase in attempts to compromise user’s accounts. When attackers succeed in finding a user’s ID and password, a DUO prompt is initiated. If you accept the DUO prompt, you will grant the attackers access to your account.  

Attackers will often continue trying to log in to the victim’s account with the intention of generating so many Duo prompts that the victim will eventually just approve one.

What to do 

• Only respond to DUO requests that were initiated when YOU are trying to log in to a service.  

• If you receive a push notification and were not attempting to log in to a service, decline the push. 

• If you receive a phone call and were not attempting to log in to a service, HANG UP (do not push any other keys).  

• Change your password if you have received an unexpected DUO prompt.   

If you believe you have fallen victim to one of these scams, you should report it to the Service Desk by calling 617.627.3376 or emailing it@tufts.edu.