Two-step login with Duo is an additional security measure to protect your account and information in case your password is compromised. You should NEVER approve a two-step login request from Duo if you did not prompt it and are not expecting it.

If you get an unexpected Duo prompt, follow the instructions provided to report a fraudulent attempt to gain access to your account:

1. Deny the Duo request prompt
   • For phone calls: press 0.
   • For push notifications: click Deny on the notification you receive or in the Duo app. If you open the Duo app to Deny the request, it will then ask if this was a suspicious login:
     • Press Yes if you were not expecting the push. This will be reported to the Information Security Office and you will receive an email with further instructions.
     • Press No if this was a mistake and it will not be reported.
2. To ensure your account is secure, immediately go to netid.rutgers.edu, click on Manage NetID Password and login to reset your password.
3. If you use this same password for any other personal accounts (which is not recommended) make sure you change those passwords as well, in the event the attacker tries to use the same password to access your other accounts.

When receiving push notifications, the Duo app will also show the approximate location of where the request originated. This can further help identify if it is a fraudulent attempt to gain access to your account from a location you are not currently near.

Be aware that if someone is trying to get access to your account, they may send repeated Duo prompts to try to annoy you into approving it. This is a sign of an active attack; you should deny every request and change your NetID password as soon as possible which should also stop all fraudulent Duo prompts.

Should you have any further questions about an unexpected Duo prompt, please contact the OIT Help Desk at 833-OIT-HELP.