Information Technology Services is reminding WSU students, faculty and staff to approve multi‑factor authentication (MFA) requests only if they are actively logging into WSU resources and have initiated multi‑factor authentication themselves, prompting an MFA token to be sent.
WSU cybersecurity relies on MFA as an added layer of protection so that our university community can safely access online resources for academic and business needs every day. MFA requires an individual to have not only a valid password, but also the MFA token received via one of several available options, including text message or the Okta Verify phone application.
This week, malicious parties have taken a new approach to try to bypass MFA. After obtaining a valid username and password, the attacker sends numerous MFA requests and relies on MFA fatigue to get the user to approve one of them.
Once account takeover is successful, the attacker is able to add their own device to the WSU user account for persistent access. The attacker then uses this opportunity to send phishing emails to other WSU accounts, with Google Forms URLs in the body of the emails.
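For administrators reviewing authentication logs, the pattern described above (a burst of MFA requests, one approval, then a new device added) can be checked for as follows. This is an added example, not WSU's or Okta's own code; the event names, thresholds and sample log entries are assumptions constructed for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample events (not real WSU or Okta logs). The event names
# push_sent, push_approved and device_enrolled are hypothetical.
SAMPLE_EVENTS = [
    # Six pushes in six minutes, then an approval and a device enrollment.
    *[(f"2024-01-02T02:1{m}:05", "asmith", "push_sent") for m in range(6)],
    ("2024-01-02T02:15:40", "asmith", "push_approved"),
    ("2024-01-02T02:20:00", "asmith", "device_enrolled"),
    # Ordinary login followed by a routine enrollment: must not alert.
    ("2024-01-02T09:00:00", "bjones", "push_sent"),
    ("2024-01-02T09:00:10", "bjones", "push_approved"),
    ("2024-01-02T09:05:00", "bjones", "device_enrolled"),
]

WINDOW = timedelta(minutes=10)       # how far back to count pushes (assumed)
PUSH_THRESHOLD = 5                   # pushes in WINDOW that count as a burst (assumed)
ENROLL_WINDOW = timedelta(hours=1)   # enrollment this soon after is suspicious (assumed)


def detect_mfa_fatigue(events, window=WINDOW, threshold=PUSH_THRESHOLD,
                       enroll_window=ENROLL_WINDOW):
    """Return (user, alert, timestamp) tuples for push bursts that end in approval."""
    recent = defaultdict(deque)  # user -> timestamps of pushes still inside window
    flagged = {}                 # user -> time of the suspicious approval
    alerts = []
    for ts_text, user, kind in sorted(events):  # ISO timestamps sort chronologically
        ts = datetime.fromisoformat(ts_text)
        pushes = recent[user]
        while pushes and ts - pushes[0] > window:
            pushes.popleft()     # forget pushes older than the window
        if kind == "push_sent":
            pushes.append(ts)
        elif kind == "push_approved":
            if len(pushes) >= threshold:
                alerts.append((user, "approval_after_push_burst", ts_text))
                flagged[user] = ts
            pushes.clear()       # an approval ends the current login attempt
        elif kind == "device_enrolled":
            if user in flagged and ts - flagged[user] <= enroll_window:
                alerts.append((user, "device_enrolled_after_burst", ts_text))
    return alerts


if __name__ == "__main__":
    for alert in detect_mfa_fatigue(SAMPLE_EVENTS):
        print(alert)
```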
In a Jan. 5 email to the university community, WSU Chief Information Security Officer Michael Walters and Associate Vice President and Deputy Chief Information Officer Antony J. Opheim said the Information Security team is resetting login credentials for a number of accounts that appear to be compromised.
If you receive a phishing email, please report it to firstname.lastname@example.org.
If you experience a similar scenario with repeated MFA notifications, please contact Crimson Service Desk for assistance by calling 509‑335‑4357 or emailing email@example.com.