Monday, December 8, 2014 - 09:11

A new phone scam is targeting Duke faculty and staff, with the caller purporting to be from the IRS. Voicemails warn recipients that they need to call back about an important issue regarding their account before "immediate action" is taken. On returning the call, they are told that they owe back taxes or penalties and must pay immediately, or face action from the IRS.


These calls are a scam attempting to defraud recipients out of their money and should be avoided. According to the IRS's website:


"The IRS will always send taxpayers a written notification of any tax due via the U.S. mail. The IRS never asks for credit card, debit card or prepaid card information over the telephone. For more information or to report a scam, go to and type "scam" in the search box."


Should you receive a call of this nature, please hang up after noting the phone number it came from and let the Duke Security Offices know as soon as possible by emailing You can also call the IRS directly at 1-800-829-1040 to validate the call and receive help if there really is a payment issue.

Wednesday, November 19, 2014 - 13:22

As the holidays approach, it's a good time to prepare yourself for the email scams that will come with the season. A list of the 12 most popular scams, as documented by McAfee, can be found online. Here are a few highlights from the article we recommend that you consider:

  • Be wary of fraudulent email messages that appear to come from online stores where you may shop.
  • Be skeptical of messages that tell you about a great deal or say you have won something.
  • Don't respond to emails that ask for charitable contributions. Contribute to groups with which you are familiar.
  • Check your credit card for fraudulent charges.
  • Only install apps from the Google Play or Apple app stores to guard against malicious apps.

Remember: Be skeptical of emails you receive, and check every link by hovering your mouse over it to see where it goes. Should you receive a suspicious email, send it to

Friday, November 14, 2014 - 10:55

This month marks the one-year anniversary of the start of a series of phishing attacks aimed at stealing the paychecks of Duke faculty and staff. From November 2013 through March 2014, attackers sent three messages asking Duke employees to provide their usernames and passwords. Several employees' paychecks were diverted to bank accounts controlled by the attackers. Duke was not the only target. According to REN-ISAC, a national group that promotes cybersecurity in research and higher education:


"Universities and colleges have been targeted by spearphishing campaigns designed to steal user credentials for many years. Stolen credentials are used for many purposes, such as sending spam from compromised email accounts, optimizing search engine results for black market pharmaceutical web pages, gaining access to university-licensed resources, and hosting malware.


"For roughly the past year, many of these campaigns have used harvested credentials to alter a victim’s direct deposit information. Targeted individuals include both faculty and administrators from various departments. Several of the attacks appear to have specifically targeted individuals in university medical and dental programs. These emails often use subjects related to salary increases to lure victims into clicking on malicious links. Subject lines have included: 


  • Your Salary Review Documents
  • Important Salary Notification
  • Your Salary Raise Confirmation
  • connection from unexpected IP
  • RE: Mailbox has exceeded its storage limit."


As a result of these attacks, Duke implemented new security measures designed to protect our community from attackers attempting to steal credentials. The most important of these defenses, multi-factor authentication, protects your access to Duke systems by requiring not just a password (something you know), but a second form of verification like a phone or hardware token (something you have).


The Duke community continues to receive fraudulent email messages that attempt to trick you into providing your username, password or other information. Just this week, more than 1,100 people received this message, directing recipients to a page that looks very much like Duke’s authentication page.


We encourage you to act with caution. Should you receive a questionable email, please forward it to, and do not click on the link!  We also encourage you to sign up for Duke’s multi-factor authentication service ( in order to protect your account.


Thank you for doing your part to keep your account and Duke safe!