Skip to main content

Defend Your Data: Don’t approve a Duo push you didn’t initiate, watch for phishing threats


Universities are attractive targets to cyber criminals, and the start of a new semester creates an opportunity for sophisticated scams that try to trick faculty, staff and students into giving up WVU Login credentials. To avoid inadvertently giving bad actors access to personal and University data, be vigilant about email, phone and text scams, and follow these tips from Information Technology Services.

  • Know the signs of phishing. Attackers often send emails that appear to be from campus leaders, supervisors or students asking you to click a link to open a document or join a meeting or group unexpectedly. Validate unusual and unexpected requests with a message or a phone call to the supposed sender using a number you already know or one you look up in the WVU Directory. If you accidentally click a link and provide your credentials, change your WVU Login password immediately.
  • Never approve a Duo push that you didn’t initiate. Attackers who get access to your username and password must still go through Duo two-factor authentication to access WVU systems. A push you didn’t initiate is an attacker trying to impersonate you. Once in, they can change your Login password, lock you out, add devices to your account, and use that access to scam others. Sometimes attackers will send multiple Duo approvals at once, hoping you approve one just to stop the notifications. Do not approve these requests and change your Login password immediately.
  • Never approve an unknown device to your Duo account. When you add a new device to your Duo account, you will receive a notification in the Duo app and an email from Duo asking you to confirm. If you receive a notification like this and did not add a new device, it’s an attacker trying to access your account.  Select “No, this wasn’t me” for both the Duo app notification and email. If you accidentally approve a notification and add an unknown device to your Duo account, immediately remove the device, and then change your password immediately. Verify that only your devices are registered by clicking “Manage Account” at
  • Follow WVU’s incident reporting and handling procedures. Report all suspected or known incidents to ITS immediately at or by using the Incident Report form. If you suspect you were scammed, don’t do anything to the system or the device until you receive further instructions from Information Security.

If you believe your account is compromised, go to and change your password immediately.