Report fraudulent 2FA requests


Beware of fraud

What is a fraudulent 2FA request?

A fraudulent 2FA request is one you receive that was initiated by someone else trying to sign in as you. Only approve 2FA requests you initiate yourself, knowingly and intentionally.

Examples

What should I do if I receive an unexpected 2FA request?

Do not approve a 2FA request you did not initiate yourself, knowingly and intentionally. An unexpected 2FA request may be a fraudulent, unauthorized attempt to sign in as you.

Report fraud

Unexpected Duo Mobile notification

  1. StepsActions
  2. Did you receive an unexpected push notification from Duo? One you didn't initiate?
  3. Do NOT approve the request.
  4. Instead, tap the Deny button.
  5. Duo Mobile may ask why you are denying the request. If you suspect fraudulent activity, select It seems fraudulent to report it to UW-IT. Select It was a mistake if you know it wasn't fraudulent.
  6. Change your password to ensure your account is secure.

Unexpected phone call from Duo

  1. StepsActions
  2. Did you receive an unexpected phone call from Duo? One you didn't initiate?
  3. Do NOT approve the request.
  4. Instead, hang up without pressing any button.
  5. If you suspect fraudulent activity, report it by contacting the UW-IT Service Center.
  6. Change your password to ensure your account is secure.

Unexpected request to enter a Duo passcode

  1. StepsActions
  2. Is an unusual website asking you to enter a Duo passcode? One you didn't expect?
  3. Do NOT enter a passcode.
  4. Instead, exit your web browser.
  5. If you suspect fraudulent activity, report it by contacting the UW-IT Service Center.
  6. Change your password to ensure your account is secure.

 See also

How to report a phishing attack Report an Information Security or Privacy Incident