"Security Alert Office" Phish


LSU Personnel started receiving a phishing e-mail on February 25th, 2017 related to mailbox re-validation. 

Subject of the Phishing e-mail - Security Alert Office

Sender Name - Internal LSU Users

Sender e-mail address - Internal E-mail Addresses* (Multiple Users)

*Internal accounts can be compromised and used by malicious actors to send phishing e-mails, in order to appear more authentic.

Content of the phishing email

The content of the message states the following (Links and other descriptors have been removed for security purposes):

This is an automatic message by system to let you know that you have to confirm your account information. An Attempt has been made to login from a new computer, You might not be able to send or receive new mail until you re-validate your mailbox .To re-validate your mailbox.- CLICK HERE

Thank you.

LSU Email Support

Screenshot of the phishing site

The URL provided in the e-mail does not belong to LSU and directs the user to a third-party site. The third party site looks similar to below:

Screenshot of the phishing site

NOTE: ALWAYS verify the URL provided in any e-mail and PLEASE NOTE that LSU will not ask you to verify your account or unblock your account in such a fashion.