Report Fraudulent Attempts

When and How to Report Two-Factor Authentication (2FA) Fraudulent Attempts

Two-Factor Authentication (2FA) is a two-step process to log in to Andrews University's systems and services. Deny all unrequested 2FA authentication attempts in order to protect your account; however, report as fraud only those that are truly an attempt by someone other than yourself to access an Andrews University account.

What Is a Fraudulent Attempt?

A 2FA fraudulent attempt is an unauthorized attempt to access an Andrews University account by someone other than the account holder. This is a security risk that needs to be taken very seriously.

Report all fraudulent attempts; however, it’s important to know the difference between an actual fraudulent attempt and something that isn’t fraudulent but might appear to be.

Examples of Fraudulent Attempts

If you receive a 2FA authentication request that you did not initiate (for example, you’re in a restaurant and receive a push notification that you didn’t request at a time when you are not attempting to log in to an Andrews University resource), then it might be an indication that someone else is trying to gain access to your account.

Deny the authentication attempt in order to protect your account, and report it as fraud if you are certain that the attempt is a fraudulent attempt (see “How to Report a 2FA Fraudulent Attempt” below).

Reporting a fraudulent attempt on your account will result in the locking of both your Andrews account and Duo Security account. You will need to contact the ITS Helpdesk in order to have the accounts unlocked and be able to resume normal activities.

Examples of What Might Not Be a Fraudulent Attempt

You should deny any request for authentication that you do not believe is a request that you initiated, but the following are examples of login attempts that might appear to be fraud at first glance but are not attempts by someone else to access your account. These should not be reported as fraud.

  • Automatic login attempts
    Some 2FA-protected systems or services are set to log in automatically, so a computer that was left on and is attempting to log in to a 2FA-protected service might send a push notification or make a phone call that the account holder did not initiate. Always deny the unexpected authentication attempt in order to protect your account, but check whether there might have been a legitimate reason for having received the authentication attempt before reporting it as a fraudulent attempt.
  • Misinterpreting an IP address
    The IP address that appears on a push notification is not necessarily indicative of where the login attempt came from. For instance, push notifications initiated in State College might list Altoona as the location of the IP address. This does not mean that the request for authentication is coming from someone in Altoona. Do not report fraud for an authentication attempt that you initiated because the IP address shows a different location than you expected.
  • Testing the Duo Mobile App
    Do not test the fraud functionality of the Duo Mobile app. It works and will result in a fraud report. Your Access Account and your Duo Security account will be locked.

How to Report a 2FA Fraudulent Attempt

If you are certain that you did not attempt to log in to a 2FA-protected system, then you are most likely experiencing a fraudulent attempt to access your account:

  1. Reject the notification on your mobile device by selecting Deny and confirm why you are denying the notification. A notification email will be sent to the Andrews University ITS system administrators.
  2. Change your Andrews password immediately.
  3. Contact the ITS Helpdesk for additional assistance.