Stay Alert: Phone-based phishing attempts targeting universities

There has been a recent increase in phone-based phishing attempts reported across several of Duke’s peer institutions. These calls are designed to trick you into approving a login or enrolling a device the attacker controls. While there is no need for alarm, staying alert is important.

How the scam works

In these scams, callers may pose as IT support staff, the Service Desk, or even a supervisor. They often claim there is an issue with your account and may try to guide you through resolving a Multi-Factor Authentication (MFA) problem. Their goal is to get you to approve a login request or enroll a device they control.

Some of these calls can appear convincing. Attackers may use spoofed phone numbers that look legitimate or reference real roles within the university.

What you should do

• Don't approve MFA prompts from unexpected calls. If someone calls asking you to approve a login or Duo code, hang up. Always confirm before taking action.
• Don't share passwords, codes, or personal information. IT will never ask for these.
• Verify independently. If you get a call, look up the phone number or contact on a Duke website and call them back to confirm. IT expects this verification and supports it completely.

Taking a moment to pause and verify can make all the difference. Please feel free to share this message with your teams and colleagues. Your diligence and support helps keep our community secure.