Alert: Cybersecurity attacks using DUO

Please be aware, that we have received reports of a recent cybersecurity attack targeting email and mobile devices that requests an individual to accept DUO for multi-factor authentication. 

 

What to Do

Never approve an authentication request for DUO that you did not initiate.

If you receive an email request or notification regarding accepting a DUO push, report the email to the Office of the Chief Information Security Officer by forwarding the message to security@ucla.edu.

Please remember, that you will only ever be asked to authenticate through DUO for multi-factor authentication when it is initiated by you. UCLA will never ask you to provide passcode, pins, accept push notifications, or requests via text or SMS.

Additional Reminders

  • Never submit your credentials (login information like passwords and user name) on 3rd party websites. 
  • Keep computers and mobile devices up to date.
  • Ensure updates and security patches pushed out to IT laptops/desktops are received. If working remotely, periodically connect to the network using VPN so that your computer is able to receive important updates.
  • Be skeptical of links included in text messages. If you are not sure of the legitimacy of the link, navigate to the site directly. 

 Support

If you have any concerns, questions, or uncertainties as it relates to keeping our systems and computing environment secure do not hesitate to visit our Guides for cybersecurity best practices.

Thank you for your continued vigilance and assistance in keeping our computing environment safe.