Hackers’ latest tactic? Being annoying

October 22, 2022

Man holding cell phone that is getting notifications

If you’ve ever been on a road trip with small children, you may be familiar with them incessantly nagging “Are we there yet? Are we there yet?” until you break down and respond.

In a way, hackers are doing the same thing – only it’s with multi-factor authentication (MFA).

MFA services, like Duo, still remain a great way to protect your online accounts. If a hacker is able to crack your password, they’ll still need to get through another layer of protection, like a push notification on your phone, to access your data. However, hackers are using a method known as MFA Fatigue, which is a fancy way of saying they will ping you nonstop through your MFA service until you give up and provide access.

So now your security “road trip” looks like this:

A woman in a car screaming at her child in the backseat "Why can't you be normal?" The child in the backseat responds screaming with several Duo notifications surrounding him.

Before you approve that notification, double check that it’s coming from you!

1. Did you just try to sign into an application with MFA? This seems obvious, but many people fall victim to MFA fatigue when they assume that there’s a glitch with their application. If you receive an MFA notification to log into an app that you’re not currently trying to access, don’t approve it! Approving an unsolicited MFA notification will allow an unauthorized user into WCM systems. Contact ITS immediately if you received a Duo phone call or push notification that you did not initiate.

2. Check the location. When you open your MFA notifications in the Duo app, they often include the location of where the app is being logged into. If it’s not where you currently are, don’t approve it!

A cell phone with a Duo notification onscreen. There is a red rectangle highlighting the section of the notification where the location is.

3. Change your password. If you keep getting pinged by your MFA service, and you know it’s not coming from you, change your password ASAP. If you think your WCM account is compromised, please change your password and contact the Service Desk immediately.

October  is  National  Cyber  Security Awareness Month, an annual collaborative effort between government and industry to ensure we have the resources you need to maintain your security online. Throughout  October, we’ll be sending you tips on protecting your information and avoiding malicious attempts to extract your personal data.  Check out all the tips  here.

Before you approve that notification, double check that it’s coming from you!

Category:

Need Help?