Multi-factor authentication to bring more protection from phishing, scams

A scam risk information page can be found on the cmich website.

Scam incidents are a common occurrence for the Central Michigan University Police Department. 

On average, CMUPD receives a report of fraud every couple of weeks, whether it be a victim cashing in a "bad check" or sending scratch-off gift cards to pay a fake debt.

In order to address phishing, the Office of Information Technology is implementing multi-factor authentication (MFA) for all CMU students beginning April 5.  

MFA will require students to accept a prompt on their phones when logging into their CMU account off-campus, adding an extra layer of virtual security.

Scams are often made possible by phishing, which allows scammers to hijack email accounts and steal digital identities. 

A phishing scam often appears in the form of an urgent notice from the "university" that your account has been compromised. This notice includes a link that takes a person to what appears to be a CMU login page. 

When people input their username and password, the scammer will use that information to access the victims' accounts and start sending other phishing and spam emails.

OIT Communications Manager Kole Taylor said the added security should help the problem.

"It's impossible to understate how significantly MFA improves account security, and it's much more convenient than people think," Taylor said.

CMU staff and faculty are already fully enrolled in MFA, and by Fall 2021, the entire campus community will be covered.

Despite being a common online feature, Taylor said MFA is just being implemented now because of improving technology, funding and "social readiness" at CMU.

According to Taylor, phishing and attacks on account security have only been increasing, especially during the COVID-19 pandemic.

"With an increasing number of online threats, account security is more important than it has ever been," Taylor said. "At the same time, more people than ever are familiar with MFA because nearly every major online service offers it. This makes it a perfect time to provide the added security to all CMU accounts."

Beginning April 5, students will see an invitation to self-enroll in Duo MFA. Enrollment will be optional until the beginning of the Fall 2021 semester, at which point it will be required. The OIT recommends enrolling as early as possible.

For more information about MFA, visit the OIT webpage. As always, forward suspicious emails to CMU’s spam hotline at

"Individual account security might feel like a small thing, but it has an incredible impact on all of CMU," Taylor said. 

Below is an example of a phishing scam and a few red flags to help spot it: