Skip to main content
Information Security

ACCOUNT TAKEOVER PHISHING

(ALSO KNOWN AS ACCOUNT COMPROMISE)

HOW DOES THIS HAPPEN?

phone email offering gifts and money

Email Request

You receive an email offering you something or telling you to do something. Email has a link to a fake (phishing) page that requires you to log in with your BYU login and password.

Phone with a big check mark button

Text or Call

Scammer tries to get into your account by sending texts, or calling, pretending to be BYU IT support, and asking you to "approve" a Duo push or give them the Duo code.  They may also try to access your account by sending you multiple Duo pushes until you "approve" one.

laptop with lots of personal information on the screen

Takeover

Scammer signs into your account with your stolen credentials and Duo push. They may access your email or other university resources, including financial systems. 

robber leaving a phone screen with money

Payoff

They access your BYU financial account information and change your deposit bank account (used for scholarships, grants, loans and paychecks) to one they control.

NOTE:


BYU's IT personnel WILL NEVER ask you to accept a DUO push you didn’t initiate with a login or ask you for a DUO passcode. If someone asks for those things, end the conversation and contact the CES Security Operations center (801) 422-7788.


WHAT CAN YOU DO ABOUT IT?


DON'T FALL FOR PHISHING

Don't fall for any suspicious emails, messages, or calls asking for your login credentials or personal information. Avoid clicking on suspicious links or downloading attachments from untrusted sources. If you receive a suspicious or unexpected request, forward the email to phishing@byu.edu.
data-content-type="external"

INTRODUCTION TO PHISHING

Click to View
overrideBackgroundColorOrImage= overrideTextColor= promoTextAlignment= overrideCardHideSection= overrideCardHideByline= overrideCardHideDescription= overridebuttonBgColor= overrideButtonText= promoTextAlignment=

USE DUO CORRECTLY

If you receive any Duo access requests that you didn't initiate or receive a call asking for information, do not respond. Call the CES Security Operations Center at 801-422-7788 or the BYU Help Desk at 801-422-4000.
data-content-type="external"

LEARN ABOUT DUO FATIGUE SCAMS

Click to Learn
overrideBackgroundColorOrImage= overrideTextColor= promoTextAlignment= overrideCardHideSection= overrideCardHideByline= overrideCardHideDescription= overridebuttonBgColor= overrideButtonText= promoTextAlignment=

CREATE STRONG PASSWORDS & MONITOR YOUR ACCOUNTS

Create strong and unique passwords for each of your online accounts. Do not reuse passwords on multiple accounts. Regularly review your account activities, transaction history, and notifications for any signs of unauthorized access or suspicious behavior.
data-content-type="external"

CARS, DUCKS & PASSWORD VIDEO

Click to View
overrideBackgroundColorOrImage= overrideTextColor= promoTextAlignment= overrideCardHideSection= overrideCardHideByline= overrideCardHideDescription= overridebuttonBgColor= overrideButtonText= promoTextAlignment=