Scam attempting to get personal information reported at UK

University of Kentucky Information Technology Services (UK ITS) would like to warn students, faculty and staff of a variety of scams that attempt to gain access to university accounts by obtaining multi-factor authentication (MFA) codes. MFA is an additional security measure that sends a unique code to the user when the user logs into a personal account. UK uses the Duo app for MFA.  

UK ITS will never initiate a call, email or text asking anyone in the university community for their Duo code or passwords. The only time UK ITS will ask for personal information is to verify your identity if you request technical assistance with ITS Customer Services.  

Never give out your password or MFA code over the phone, via email or text. It is also important to beware of unauthorized multi-factor authentication push notifications. For example, if you receive a text message, email or notification asking to verify an account login, but you have not attempted to login to any of your online accounts, deny access.   

For scams that reach your UK email inbox, please take steps to report the message. If your personal information has been compromised, change your password immediately and follow the steps outlined in What to do if your University of Kentucky Account Has Been Compromised .   

As a reminder, never reuse your passwords. Use a password manager to generate and keep track of strong, unique passwords. Read more about MFA here.  

For cybersecurity tips and tricks, follow UK ITS on social media or visit our CyberSafeCats website at its.uky.edu/cybersafe.