
Phishing Alert: Verified Duo Push Scam

Members of the WashU community are receiving fraudulent phone calls from criminals asking them to enter a three-digit code into the Duo app.

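The attacker starts a login with a stolen WUSTL Key, and Duo then displays a three-digit code that must be entered in the account owner's Duo app. To finish the login, the attacker needs the victim to enter this code, so they call and say something like: "I'm from the service desk. Please enter 788 on your Duo app." If the victim enters the code, the attacker will be logged into the account. Now they can access everything you can.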

What you should do

The only time you should type a three-digit code into Duo is when you are logging in yourself. Do not enter a code given to you by someone else. Legitimate WashU employees will not ask you to enter codes into your Duo application.

Look at the geo-location information in Duo’s verified push request. If you are not actively logging into a web page from that general location, assume it’s a scam.

Protect Your Account’s Personal and Financial Information

If you believe you may have entered a Duo code for a scammer or criminal, you should change your WUSTL Key password immediately. If you are unsure whether you did, please change your WUSTL Key password now.

You can change your password by following the guide "How do I Change my WUSTL Key Password" (Information Technology) or by finding the appropriate link in WUSTL ONE (one.wustl.edu).

If you get a call from someone asking you to enter codes in your Duo app, get the name of the caller or a ticket number and hang up. Look up the correct number for the service desk and call back to make sure you aren’t being conned. If you receive an email asking you to enter codes in your Duo app, simply report it using the Phish Alert Button (PAB) in your Outlook interface.

It’s always best to err on the side of caution and report anything that seems remotely suspicious. Our team will analyze all submissions and return them to you if they’re determined to be safe.

Stay Informed

Be sure to read our newsletter, SECURED, when you see it in your inbox or by visiting our blog (https://informationsecurity.wustl.edu/blog/). We cover the latest topics, resources, and best practices in information security.

Contact Our Office

If you have questions or concerns about this update, please contact the Office of Information Security by emailing infosec@wustl.edu. As always, we appreciate your vigilance as we work together to keep WashU secure.