"Dear LSU Mail Account User" Phish
LSU Personnel started receiving a phishing e-mail on February 25th, 2017 related to suspended e-mail account and account verification.
Subject of the Phishing e-mail - Dear LSU Mail Account User
Sender Name - Internal LSU Users
Sender e-mail address - Internal E-mail Addresses* (Multiple Users)
*Internal accounts can be compromised and used by malicious actors to send phishing e-mails, in order to appear more authentic.
Content of the phishing email
The content of the message states the following (Links and other descriptors have been removed for security purposes):
Your LSU account has been temporally suspended, and this means that you will not be
able to send and receive new email messages. This is because of the on-going yearly
web maintenance and deleting of inactive LSU accounts. You are then requested to verify
your LSU account below for upgrading.
Click Or Open this link to VERIFY your Account: CLICK HERE
WARNING! LSU Account owner, that refuses to update his/her account after five (5) days of receipt of the notification of this update, your account will be excluded permanently from our LSU Database we will not be responsible for the loss of your account.
Copyright ©2017 LSU - Network Webmaster. All Rights Reserved
Security Alert Office.
Thanks for your anticipated co-operation,
Screenshot of the phishing site
The URL provided in the e-mail does not belong to LSU and directs the user to a third-party site. The third party site looks similar to below:
NOTE: ALWAYS verify the URL provided in any e-mail and PLEASE NOTE that LSU will not ask you to verify your account or unblock your account in such a fashion.