We want to alert you to a new level of phishing attack that is currently being launched against institutions across the country. This attack exploits some Duo multifactor authentication options. Please review this Knowledge base carefully.
The attacks will typically begin as an email with a generic subject, such as “An important message from NSU”, containing a link which takes you to what looks like the NSU WebLogin page, but upon closer inspection, does not have the correct northern.edu address, nor does it have a secure (https) connection. If a NSU login name and password is entered, you are then directed to a fake Duo authentication page asking you to generate and enter a passcode. If you respond, the attacker will gain control of your account.
Here's how you can protect yourself:
Use Duo effectively
• Whenever possible, use Duo Push through the mobile app - it is the most secure option.
• NEVER authorize a prompt or call you did not initiate whether it’s through the phone or a push, click on “Deny”!
• Never provide another person with a Duo authorization passcode.
Look at the link
• Before clicking on any link, verify the link by hovering over it to display the destination web address.
• Be suspicious of any e-mail with a link that takes you directly to an authentication page.
• Verify that any site asking for authentication via the web uses a ‘northern.edu’ address.
• The URL should always start with https://. The “s” is critical – it means “secure”.
If you clicked on a link and provided your password, or approved a Duo prompt you did not initiate:
• Change your NSU password immediately: https://passwordreset.microsoftonline.com/
• Contact the NSU Help Desk:
Two factor authentication remains the most effective mechanism to deter the use of stolen passwords. However, there will always be bad actors looking to break through even the most robust defenses. Following the tips above will keep your account, and Northern State University, secure and protected.