Attack Attempts on Duo Push

Students, faculty, staff, and alumni have been the target of various Multi-Factor Authentication (MFA) attacks, sending false Duo Push notifications to hack Western Office 365 (O365) accounts. These include: 

Persistent Requests

Attackers attempt to login to O365 accounts, sending multiple/spamming Duo Push requests to annoy the user into accepting the request, therefore approving the login and compromising their account.

Masked Requests 

Attackers strategically send login requests during users’ normal login time in hopes that their illegitimate/false request will be accepted when mixed with legitimate/real request. 

Phone Verification

Phone calls and push notifications both act in a similar way where the user is prompted to accept a login request but phone calls do not provide any information on the login location.


Attackers contact or call the user to trick them into reading out a pin or accepting a login request. It is important to note that WTS Staff will never ask for a user’s DUO code or password.  

Please follow the steps below to ensure the Duo Push was prompted by yourself. 
For more information on MFA, please visit


The Do's and Don't's of DUO - MFA

If you receive a push notification from Duo:



  • Double check the verification in Duo Push-Notification to match your current login, if you attempted to login.
  • Deny login if the attempt was not made by yourself.
  • Report the login as suspicious. 
  • Approve unrecognized, logins, locations, or login times.


  DUO Multi-Factor Authentication

Duo Screenshot Walkthrough.png 

Did I log in at the moment the DUO Push notification was sent?


Is it from the same location as you?

Is it the same app you’re logging in to?

Is it your own username?


If YES to all of the above, approve the login.

If NO to any of the above, deny login and report it as a suspicious login.


Deny login and report it as a suspicious login.

Published on  and maintained in Cascade.