Don’t Get Phished: How to Keep Your Tufts Account Safe

(Published March 25, 2026 | Christine Fitzgerald)

Illustration showing a phishing email being blocked and a Duo login request denied to represent account security

Phishing scams are still targeting Tufts students—and they can be surprisingly convincing. Some messages look like they come from trusted tools (like Google Forms) and may even follow up with a text asking you to approve a Duo login.

Knowing what to watch for can help you avoid getting locked out of your account—or having it used to scam others.

 

 

How These Scams Usually Work

  • You get an email with a link that looks legit.
  • The link leads to a fake form asking for your Tufts username, password, or phone number.
  • After that, you may get a text asking you to approve a Duo login or share a Duo code.
  • If you approve it, the attacker can get into your account and send phishing emails from you.

What to Do (and What Not to Do)

  • Only approve Duo when you’re logging in: If you get a Duo push and you’re not trying to sign in, deny it. An unexpected Duo request is a big red flag.

  • Ignore texts about “verifying” your account: TTS will never text you to fix, secure, or restore your account. Any message like that is suspicious.

  • Never enter a Duo code sent to you by someone else — ever: No one at Tufts will send you a Duo code and ask you to enter it. Doing so lets attackers bypass account security.

  • Think You Might’ve Clicked Something?: If you clicked a suspicious link, filled out a form, or approved a Duo request by mistake, don’t panic—but act fast. Call TTS at 617‑627‑3376 so they can help secure your account.

One Last Thing

Phishing works because it creates urgency. When something feels rushed or unexpected, pause and double‑check before clicking. Staying alert helps protect you—and the rest of the Tufts community.