Subject: ACTION REQUIRED: - Mandatory Duo Security Update Update Duo Before May 25 Deadline
U-M Information and Technology <[redacted]@umich.edu>
Sat, May 24, 5:24 PM
to
You received this email because you’ve been identified as someone who has outdated DUO Settings
Action Required: Update Duo settings by May 25
Greetings,
In response to a recent phishing incident, we are strengthening our authentication protocols to safeguard your account and university data. Our records show that your Duo two-factor authentication (2FA) settings have not yet been updated to meet these enhanced security requirements. This upgrade is mandatory..
To ensure uninterrupted access to your account, please complete the update by May 25, 2025. Failure to act will result in the deactivation of your Duo authentication, requiring an in-person visit to our office for reactivation.
How to Update Your Settings:
Click here: Update Duo Settings [hyperlink that leads to fake login screen]
Log in with your University of Michigan credentials.
Complete Duo Push authentication and wait for the confirmation screen.
Do not exit the page manually—it will close automatically once the update is complete.
Security Reminder:
This link is unique to your account. Do not share it with anyone.
Duo for iOS devices
Duo for Android devices
Thank you for your patience and commitment to keeping our systems and data secure.
How can we help you?
Contact the ITS Service Center:
Chat: chatsupport.it.umich.edu
Call: 734-764-HELP (764-4357)
Note: The hyperlink in the email message leads to a fake U-M Weblogin screen designed to induce the recipient to provide their login and password, followed by a prompt to authenticate on a fake Duo screen.
For more information about related phishing scams, see the IA Security Notice: Be aware of sophisticated phishing attacks that target Duo two-factor authentication. To learn how to spot a fake login screen and what to do if you entered your credentials, see Look Before You Log In. See also Login Theft Scams.
