ALERT: Beware of Duo Authentication phishing emails

Thursday, June 2, 2022

A new phishing email scam has been reported at U-M that is designed to capture a user’s UMICH password and a Duo passcode that may be used to log in to university systems.

Summary

Some key identifiers of this phishing message are:

The From address is “U-M TeamDynamix <teamdynamix@umich.edu>.” This is a forged address.

Subject: DUO Authentication

The message body begins with the following and provides a link to a fraudulent login screen that appears identical to the weblogin@umich.edu page but has an incorrect URL.

“U-M Weblogin
DUO AUTHENTICATION
This is to inform you that the school database was currently upgraded and your Duo token got out of sync. Follow the steps below to sync your Duo two-factor authentication to the school database.”

Action Items

The best way to spot this as phishing: Examine the URL of the fake login page(s). The real U-M login page URL will start with "weblogin.umich.edu."

What to do if caught by this scam: Anyone who thinks they may have been a victim of this scam should immediately change their password and unenroll then re-enroll with Duo.

See Phishing Alert: DUO Authentication on Safe Computing for more details about this specific phishing email.

Please be aware of this ongoing scam and share this reminder with staff who may be contacted by students.