Tag Archives: Duo

Phishing, Rogue Sharkpass/DUO pushes, and Job scams

November 10, 2023TechNews20231110, Cybersecurity, Cybersecurity Tips, Cybersecurity Training, Duo, Phishing Email, Phising, SharkPassito0

A “wolf in sheep’s clothing”: someone or something that seems to be good but is actually not good at all

Some of you may have received a Phishing Email with the subject “A file has been shared with you”, or something similar. This email “appears” to be coming from someone within Simmons or even from an external email address. Clicking the link brings the victim to a web page that looks like an official-looking webpage and asks them to enter their username and password. Once that information has been entered on the webpage it is captured by the cyber criminals.

Almost immediately following, the cybercriminals attempt to login to Simmons’s email and systems with the stolen credentials and the victim will receive a Duo authentication request known as a “Rogue Push”, meaning one that was not requested. If the victim approves the Duo request, then the cybercriminals are allowed in. Think before you click!

The Job Scam is intended to steal money from the victim in one of two ways. The first is that they ask for personal information plus a bank name. They will then send an official looking email from that bank asking the victim to confirm details and maybe to reset a PIN code. The scammers will try to use this information to login to the bank account and withdraw money. The second way is to send the victim a paycheck in advance with instructions to use that check to purchase supplies or a computer from their vendor. The victim purchases these items before the bank has time to clear the deposited check. The fake check will bounce and the victim is left responsible for the purchases. Other variations of this scam have involved sending cryptocurrency such as bitcoin to the scammers.

As phishing and job scams targeting higher education persist, vigilance is key. Carefully inspect unsolicited emails and do not click links or provide information without verifying legitimacy first. Report suspect message as phishing in Gmail. Research employers thoroughly when job hunting and avoid requests for upfront fees or personal details. Never provide banking information. Stay alert and contact the IT help desk with any online safety concerns. Using caution and common sense are our best defenses against those looking to take advantage.

New cell phone or mobile device?

December 16, 2022TechNews202212, Duo, Duo Mobile, New Device, SharkPassito0

Picture of new mobile device If you are getting a new mobile device, it is important to enroll it with SharkPass/Duo to avoid any potential service disruptions. If you still have access to your existing device, you can find instructions on how to enroll a new device on the SharkPass information website. If you need a new activation link, you can contact the Simmons Technology Service Desk or call 617-521-2222 for assistance with enrolling your new device.

Important Sharkpass/Duo Changes

December 16, 2022TechNews202212, Duo, Duo Changes, Duo Mobile, Duo Updates, SharkPass, Universal Promptito0

Logo of Duo Security Simmons Technology partners with Duo, our two-step authentication vendor, to provide students, faculty, and staff with a secure and seamless login experience. As part of our ongoing effort to improve security, we periodically review and update our security controls. We are currently looking at ways to improve our security platform, and as a result, there will be changes to the way we connect to Simmons’ computing resources. We ask that members of the community pay attention to any updates and be aware of how these changes may impact them.

Universal Prompt

On January 10, 2023, Simmons Technology will be implementing the Universal Prompt for Sharkpass/Duo, which will change the appearance of the login process for Simmons resources. The new prompt will have a redesigned interface that is sleeker and more simplified. This change is part of our ongoing efforts to improve the user experience and enhance security.

What do I need to do?

You do not need to take any specific action in preparation for this change. The Universal Prompt will automatically choose Duo Push as your preferred authentication device when you log into a Simmons resource. We ask that you be aware that this change will take effect on January 10, 2023, and be prepared for a slightly different login experience. All device management functions will still be available in the new interface, but the way these features are accessed may change.

For more information about the Universal Prompt’s redesigned user interface, please visit the SharkPass information site.

Upcoming Sharkpass Duo Updates

October 13, 2022Special News, TechNews202210, Cybersecurity, CybersecurityAwarenessMonth, Duo, Duo Updates, Information Security, Sharkpass Duo, Sharkpass Duo Updatesito0

Simmons Technology will be updating Duo Security — the technology behind Simmons Sharkpass — to the Universal Prompt which will affect the look-and-feel of logging into Simmons resources.

After this change, a redesigned prompt will be presented to users at the time they login providing a sleeker, more simplified interface.

Stay tuned! More details to be announced soon.

Important Sharkpass/Duo Changes

May 17, 2022TechNews202205, Duo, Information Security, SharkPassito0

Icon of No Phone Simmons uses SharkPass to provide an additional layer of security for our Simmons login. In recent years, SMS passcodes, Duo Mobile Passcodes, and Telephone voice call verification have become avenues for scammers to steal login credentials.

On July 11, 2022, Technology will disable the use of SMS passcodes, Duo Mobile passcodes, and telephone voice calls as authentication methods for SharkPass. Users authenticating using their Simmons Account credentials after this date must use a Duo Push to their mobile device, or an approved security token.

The Duo Push is the preferred authentication method for Sharkpass/Duo as it offers an easy-to-use and seamless experience for the community in addition to increased security.

To avoid any potential service disruptions, be sure to enroll and begin to use your Duo Push-enabled smartphone or mobile device to be used with SharkPass. Instructions may be found at the SharkPass Information website.

What if I don’t have a cell phone or mobile device?

If you do not have a cell phone that is compatible with the Duo Push, you may be eligible for a free two-step verification hardware token. Please contact the Service Desk, at 617-521-2222.

These changes are a part of Simmons’ continual efforts to make our systems more secure. Please be on the lookout for future communications describing improvements to this service.

Sharkpass/DUO Do’s and Don’t

January 25, 2022Special News, TechNews202201, Cybersecurity, Duo, Information Security, SharkPassito0

While Sharkpass/DUO gives us an edge against cybercriminals, it is not foolproof. Imposter login websites often include a false DUO page and ask for you to input a code from your DUO mobile app. Doing so gives up your account to thieves who then have access to your personal information and the ability to direct your paychecks or refunds away from your bank account. Simmons Sharkpass/DUO page will also only begin with “idp.simmons.edu.”

What we’ll be doing

January 25, 2022Special News, TechNews202201, Cybersecurity, Duo, Information Security, Information Strategyito0

Simmons Technology continues to review recent incidents and take actions that make our infrastructure safer and less appealing to cybercriminals but there isn’t much we can do if you give away your credentials online. In an effort to make our login process more secure, we will be doing the following in the near future:

Removing DUO mobile passcode, phone callback, and SMS passcode features from Sharkpass/DUO. Logging in will require utilizing a “Push” to your mobile device.
For those unable to use the DUO Push notification on their mobile app, hardware tokens and security keys will be made available.
Implementing a mandatory password reset for the community.

We realize these measures will cause a small change in the way some of us work and utilize Simmons resources. We are confident that after a brief adjustment, all will be able to adapt and aid in helping create a safer online environment. Please stay tuned for more information about these upcoming information security changes. And please reach out to me or the Technology Service Desk ([email protected] or 617-521-2222) with any questions or concerns.

Thank you,

David Bruce
Vice President, CIO
Simmons University

Sharkpass Duo Mobile App Update

October 6, 2021TechNews202110, Duo, Duo Mobile, Duo Mobile Update, SharkPass, Software Updateito0

Screenshot of Updated Duo Mobile Beginning in October, Duo Security — the technology behind Simmons Sharkpass — will be updating their mobile application on Apple iOS and Android platforms. The redesigned application, which will be released through the Apple App Store and Google Play Store, will be delivered if you have automatic updates enabled on your device. The new version’s improvements include:

Updating the position of the Approve / Deny buttons so that Approve is on the right, a more natural location.
Improving the accessibility of the app, including adding a landscape view, variable font sizes, and improved color contrast.
Providing clear guidance on restoring your accounts if you get a new phone.
Making it easier to find and manage your accounts with a simpler interface.

The new version will contain all the functionality of the current one. All of your protected accounts will be automatically present in Duo Mobile after the update. You will not need to re-add anything. In addition, all of your existing settings, such as for Duo Restore for third-party accounts like Instagram or Facebook, will also carry over automatically.

Duo can also be used to secure access to other online accounts and services such as Twitter, Facebook, and Amazon.com. Check out Duo’s Guide to Two-Factor Authentication.