Information Technology Services LMU.edu
Apply Visit Give
Apply Visit Give
Information Technology Services LMU.edu
Apply Visit Give
Apply Visit Give

8 Rising Cyber Threats: What You Can Do

1. MFA Bombing: Duo Push Fatigue Attacks

Don’t approve unexpected Duo pushes.
If you receive a Duo push you didn’t initiate, it could mean someone has your password and is trying to log in.

Action Steps for LMU Users:

  • Immediately deny the push.
  • Change your LMU password via my.lmu.edu under “Account & Security.”
  • Report the incident to servicedesk@lmu.edu  with the time and app involved.
  • Enable Duo’s “Only allow Duo Push” setting to reduce risk from other authentication methods.
  • Tip for LMU Staff & Faculty: MFA bombing has been used in recent impersonation scams targeting LMU employees. Stay alert.

2. QR Codes

Think before you scan.Cybercriminals are placing fake QR codes in public spaces, emails, and even on flyers.

Action Steps for LMU Users:

  • Verify the source before scanning—especially on posters, handouts, or digital signs around campus.
  • Check the URL after scanning. LMU QR codes should lead to a .lmu.edu domain and often include the LMU logo.
  • Use LMU’s official channels (like LMU This Week or departmental emails) to access event info or pledge forms.
  • Tip for Students: QR codes on campus pledge forms, giveaways, and tabling events should always be vetted. If unsure, ask the event host or scan using a secure browser.

3. Deepfakes & AI Impersonation Scams

Seeing is not believing.


AI-generated videos and voice messages are being used to impersonate trusted figures.
Action Steps for LMU Users:

  • Verify requests through secure channels—especially if they involve money, credentials, or urgency.
  • Don’t rely solely on video or voice. If something feels off, confirm via LMU email or direct contact.
  • Report suspicious messages to servicedesk@lmu.edu.
  • Tip for LMU Community: A recent Southern California scam used deepfake videos of a celebrity to trick a woman into giving away her home. These tactics are evolving—stay skeptical and verify.

4. Be Wary of Phishing Emails

Scammers often impersonate LMU departments, professors, or services.
Action Steps:

  • Check the sender’s email address carefully. LMU emails should end in @lmu.edu.
  • Hover over links before clicking to preview the URL.
  • Report suspicious emails to servicedesk@lmu.edu.
  • When in doubt, don’t click—forward it for review.

5: Lock Your Devices

Leaving your laptop or phone unattended—even for a minute—can expose sensitive data.
Action Steps:

  • Set auto-lock timers on all devices.
  • Use biometric or strong PIN/password protection.
  • Never leave devices unlocked in public spaces like the library, labs, or classrooms

6. Use Secure Wi-Fi

Public Wi-Fi (like in coffee shops or airports) can be risky.
Action Steps:

  • Use LMU’s secure Wi-Fi (LMU-Wireless) when on campus.
  • Avoid accessing sensitive accounts (banking, LMU systems) on public networks.
  • Consider using a VPN when off-campus.

7. Back Up Your Data

Back Up Your Data

Ransomware and hardware failures can wipe out your files.
Action Steps:

  • Use LMU’s OneDrive or Google Drive for automatic cloud backups.
  • Back up important files weekly to an external drive or secure cloud service.
  • Keep multiple copies of critical academic or work-related documents.

8. Think Twice What You Share Online

Scammers use public info to craft convincing attacks.
Action Steps:

  • Avoid posting your LMU ID, class schedule, or travel plans online.
  • Review your social media privacy settings.
  • Be cautious about accepting connection requests from unknown people.