"UPDATE!!!" Phish

 

LSU Personnel started receiving phishing e-mails on March 20th, 2017 related to account verification.

Subject of the Phishing e-mail - UPDATE!!!

Sender Name - Internal users

Sender e-mail address - Internal to LSU* (multiple e-mail addresses)

*Internal accounts can be compromised and used by malicious actors to send phishing e-mails, in order to appear more authentic.

Screenshot of the phishing email

The content of the message states the following (Links and other descriptors have been removed for security purposes):

Screenshot of the phishing email

Content of the phishing email

This is a generated Email from Database to inform all users that verification is taking place to terminate all Reported/Spam and inactive LSU.EDU Account from our Database. If your account is very much Active and to Avoid De-Activation from our Database, Please Visit our VERIFICATION-PAGE and fill out the Verification form correctly to avoid termination of your LSU.EDU Account from our database.

Take Note: If You Refuse to update your account after 24hrs of receipt of the notification of this update, your account will be excluded permanently from our Database, we will not be responsible for the loss of your account. We apologize if you have experienced any difficulties due to this situation.


HELP-DESK
©2016-2017 ALL RIGHTS RESERVED.

Screenshot of the phishing site

The URL provided in the e-mail does not belong to LSU and directs the user to a third-party site. The third party site appears as below. 

Screenshot of the phishing site

NOTE: ALWAYS verify the URL provided in any e-mail and PLEASE NOTE that LSU will not ask you for your account information in such a fashion.