May 16, 2024
The Office of Information Technology Cyber Security department would like to inform the Georgia Tech community about a DUO authentication security issue:
Cyber scammers are exploiting a vulnerability through repeated DUO phone calls until the user accepts, unknowingly granting access to their account. (DUO is a two-factor authentication (2FA) system used by Georgia Tech that adds an extra layer of security to online accounts.) This tactic, known as a DUO phone call scam, is a serious threat to the security of your Georgia Tech accounts and personal information. Attackers are using this method to bypass 2FA and gain unauthorized access to sensitive data.
To protect yourself from falling victim, we urge you to remain vigilant and follow these important precautions:
1. Verify calls and notifications: Before accepting any DUO phone calls or notifications, ensure that it has been initiated by you or someone you trust. If you receive unexpected or suspicious calls, do not accept them.
2. Never share personal information: Never provide personal information, account credentials, or verification codes over the phone, unless you are absolutely certain of the identity of the caller.
3. Report suspicious activity: If you suspect that you are being targeted by a DUO phone call scam, or any other form of fraudulent activity, such as a phishing attempt via email, please report it to our Security Operations Center at soc@gatech.edu.
Your security is our top priority and we are actively working to address this issue and prevent future occurrences. In the meantime, please remain cautious and take necessary steps to protect yourself from potential cyber threats.