"Microsoft Exchange (Email Validation)" Phish

 

LSU Personnel started receiving phishing e-mails on March 28th, 2017 related to validating active accounts.

Subject of the Phishing e-mail - Microsoft Exchange (Email Validation)

Sender Name - External User

Sender e-mail address - External Account (@ucad.edu.sn)

The content of the message states the following (Links and other descriptors have been removed for security purposes):

Phish Email

The URL provided in the e-mail does not belong to LSU or Microsoft and directs the user to a third-party site. The third party site appears as below and looks very similar to Office365 login page.

 Phish Site

NOTE: ALWAYS verify the URL provided in any e-mail and PLEASE NOTE that LSU will not ask you for your account information in such a fashion.