Smishing and MFA Fatigue Attacks
Alert - Smishing and MFA Fatigue Attacks
Dear Students, Faculty, and Staff
The start of a new semester is a prime time for cybercriminals to strike, taking advantage of the surge in digital activity and institutional transitions.
While phishing emails remain the most common form of attack, other methods are becoming more frequent, including:
- Smishing – phishing via text message/SMS
- MFA fatigue attacks – repeatedly sending multi-factor authentication requests using compromised credentials until the user accepts one
Please note that UTRGV IT Services or Information Security will never ask for your password or MFA verification code via phone call, email, or text message. It's essential to be cautious and protect your credentials at all times.
This is a real example of a recent smishing attack. If you received this type of text, we highly recommend resetting your UTRGV password. You can do this by contacting the UTRGV Helpdesk at 956‑665‑2020 or by visiting the UTRGV Password Reset Page at https://myaccount.utrgv.edu/. Taking this step will help ensure the security of your account.
Please block the number shown in the screenshot below. Note that cybercriminals may rotate numbers as part of their evolving tactics. This exact number has been used in three reported attacks.
Screenshots of a smishing text exchange
Three images showing an iPhone contact view and a back‑and‑forth text exchange that attempts to obtain MFA approval and verification codes.
-
Contact card showing the spoofed number used in the smishing attempt. -
Initial bait asking the user to confirm email termination. -
Escalation to MFA fatigue and request for verification code—both are malicious.
Text transcript of the screenshots
Screenshot 1: iPhone contact screen for +1 (559) 200‑9055
Screenshot 2: Message: “Hello! I am Camila Rutter from the Information Security and Operations Team at The University of Texas Rio Grande Valley. For clarification, are you [name]? —IT HELP DESK. Can you please confirm if you have requested the termination of your current school email? Kindly reply with YES or NO.”
Screenshot 3: Message: “You will receive a call from the school IT Back End to verify if ****9314 matches the last four digits of your phone number. Ensure continuous access to the portal. This is a security measure… Please make sure to accept the call. Do you understand? What is the short code sent to you?”
Note: These are fraudulent messages attempting to trigger MFA fatigue and obtain verification codes. Do not respond, do not accept prompts, and do not share codes.
It’s always important to stay alert, but now more than ever, we must be proactive in protecting ourselves from cyber threats.
If you notice anything suspicious, please report it to the Information Security Office immediately.
Sincerely,
Information Security Office