An active phishing attack at UAB is targeting accounts with fake DUO login attempts and Google forms.

To avoid the problem, please make sure you do not approve any DUO login attempt unless you are certain you requested it. Click “no” on login prompts from the app if you are unsure.

Some users who have been targeted by the phishing attack have also received emails regarding their passwords (see image below). UAB will never ask for your password via email.

Other users have received emails asking them to fill out Google or other forms (see sample image below). Your credentials and other personal or financial information could be stolen if you fill out one of the forms.

If you receive a suspicious email, report it with one click using the PhishNotify button in Outlook, or forward it to This email address is being protected from spambots. You need JavaScript enabled to view it..

For more information about how to avoid phishing attempts, visit uab.edu/infosec.

Examples of the phishing attack are below: