Fake DUO Authentication Request

October 9, 2023

What makes this a phishing message?

This targeted phishing scam impersonates the UC Berkeley Duo Admin to create fear to cause the recipients to act, scanning the QR code which leads to a malicious link.

This targeted phishing scam uses urgency and fear to cause the recipients to act, exposing their personal information.

Tips if Something Seems Off:

  • Double-check the email address before responding.  Individual email users (even accounts made to look like berkeley.edu accounts) will never ask for this action.
  • If the link is followed, the campus will NEVER ask for credentials to be entered on any site that is not a UCB CAS authentication page.
  • Look to make sure the email address is correct. In Gmail hover your mouse over the sender name for the email to display. On a mobile phone or a touchscreen, press and hold the link (don't tap!) to reveal the actual URL. (Look in the bottom left corner of the browser window.) Don't click on a link unless it goes to a URL you trust.
  • Follow up with the sender separately
  • If you didn’t expect it, reject it. Or follow up with the individual directly in a separate email or call/text to confirm.

  • Report and/or flag it
    • Open the message
    •  To the right of the 'Reply' arrow select 'More' (typically denoted with three vertical dots)
    • Then 'Report phishing'

If you are unable to log into bMail, forward the message to phishing@berkeley.edu(link sends e-mail) For more information visit https://security.berkeley.edu/resources/phishing

Original Message: