[Important Information for Employees] Phishing continues - Immediate Deactivation of DUO Phone auth method required

Information Technology Services CIO Office its-cio-office at plattsburgh.edu
Thu Jul 17 16:51:01 UTC 2025


Campus Community,

I'm writing to inform you that effective immediately the use of the DUO
Phone call method to authorize access to campus accounts is being disabled.

*Why is this immediate action necessary?*
Our campus is being heavily targeted by phishing attacks and bad actors
have had some success using this method to trick our users into allowing
access to their account.  Less than 4 percent of our campus users use this
method to complete the DUO login process, but it's currently being used
almost 100 percent of the time by bad actors to trick you into allowing
access.

*What other methods of DUO authorization are still allowed?*

   - *Duo Push - most commonly used and preferred*
      - pushes a request to your Duo mobile app - enter 3-digit code on
      mobile device to proceed
   - *Duo Mobile passcode - moderately used*
      - enter a code from the Duo Mobile app (no wifi or internet required)
   - *Text Message passcode - less used*
      - texts you a passcode, enter code in browser to proceed
   - *YubiKey Token* - *almost never used*
      - physical device that can be used instead of a smartphone,
      helpdesk has a small stockpile to be issued to employees on a first-come,
      first-served basis.
   - *Bypass Code - only needed when other methods don't work*
      - Enter a code provided by ITS Helpdesk

We apologize for the abruptness of this action, but it is necessary at this
time.

*What can you do to help?*
We really appreciate those that have been forwarding in the phishing emails
they have been getting; those, along with our own ITS systems, have provided
visibility to deal with this latest influx of user-targeted scams.

What would really be beneficial to campus is that you pay more attention to
these phishing emails and random/unsolicited DUO authentication attempts.
The only way these bad actors are able to gain access to an account is by
tricking end users into making a bad decision, whereby the actions you take
are directly related to allowing them access to your account. *In other
words, they aren't breaking into your account, you are allowing them in!*

Once they gain access, they start sending emails from your account
(hundreds or thousands) to others both on and off campus looking to
compromise even more accounts.

If you have been using DUO phone as the only method to complete your
multifactor authentication, you may need to contact the helpdesk for help
setting up other methods.

Most users won't see any impact from this change.

If you have any questions or concerns, please contact the helpdesk using
one of these methods:

   - Email: helpdesk at plattsburgh.edu
   - Portal: its.plattsburgh.edu
   - Phone: 518-564-4433

Thank you for reading this long email notice and your willingness to help
improve the security of our accounts.

-- 

*TJ Myers*

Director & Chief Information Officer

Information Technology Services

215 Feinberg

101 Broad Street

Plattsburgh, NY 12901

(o) 518-564-5180

(f) 518-564-3817

*plattsburgh.edu <http://plattsburgh.edu/>*