New UB account phish: Fake login and Duo pages

By Michael Canfield
IT Communication Specialist

• Fake login page: Individuals receive an email prompting them to log in to what appears to be a UB page. This fake page accepts anything you enter – it doesn’t validate your credentials, but simply redirects you to the next step.

• Fake Duo page: After the fake login page, individuals are taken to a counterfeit Duo two-factor authentication page. Here, the page requests a passcode specifically rather than providing the option to send a Duo push, which is the more common authentication method at UB. This is a key red flag: Duo should usually give you the option to receive a push notification. 

• Account compromise: Once the attacker captures your Duo passcode, they gain full access to your account, allowing them to modify settings and add their own devices to your Duo profile. 

• Verify Duo requests: Take an extra second to review your Duo login options. If you’re asked for a passcode instead of receiving a Duo push, stop what you’re doing. This discrepancy may indicate a phishing attempt.

• Review devices in Duo: Regularly review your Duo account to ensure that all listed devices are familiar and authorized. Remove any devices that you don’t recognize. 

• Be wary of unexpected login requests: If you weren’t trying to log in, but receive a Duo authentication prompt, this is a sign someone might be trying to access your account. If you do receive one, change your UBITName password immediately.

If you have any reason to believe your UBITName account has been compromised, change your password immediately—log into the UBITName Manager, or contact the UBIT Help Center at 716-645-3542, or online at buffalo.edu/ubit/help.

If you believe you are the victim of identity theft, you can report the theft and make a recovery plan at identitytheft.gov.

You can always find the latest tips and alerts about cyber security on the UBIT website—just visit buffalo.edu/ubit/safe.