"IT-Service Password Update" Phish
LSU Personnel started receiving phishing e-mails on March 14th, 2017 related to Password expiry and requesting users to update their password.
Subject of the Phishing e-mail - IT-Service Password Update
Sender Name - External user
Sender e-mail address - External e-mail address (@live.longwood.edu)
Content of the phishing message
The content of the message states the following (Links and other descriptors have been removed for security purposes):
Your Pass-word will expire In 2 days to keep your pass-word CLICK=HERE and enter your
username and pass-word correctly and click on Send immediately to keep your pass-word
active and updated.
IT-Service Help Desk.
Screenshot of the phishing site
The URL provided in the e-mail does not belong to LSU and directs the user to a third-party site. The third party site appears as below. Please note that LSU's actual e-mail web portal does not appear as below.
NOTE: ALWAYS verify the URL provided in any e-mail and PLEASE NOTE that LSU will not ask you for your account information in such a fashion.