"Exchange/Outlook Web Access" Phish

 

LSU personnel started receiving phishing e-mails on March 21st and 28th, 2017. The messages claim that the recipient must activate their e-mail account because of an e-mail system upgrade.

Subject of the Phishing e-mail - Exchange/Outlook Web Access

Sender Name - External Users

Sender e-mail address - External Accounts (@washco-md.net and @fremontchristian.com)

Screenshot of the phishing message

The content of the message states the following (Links and other descriptors have been removed for security purposes):

The date within the message varies depending on the day the message is received.

Content of the phishing message

Today Tuesday 21st March, 2017. We are upgrading our email system for Outlook Web App 2017. This service creates more space and easy access to email. Please update your account by clicking on Activation below, fill information for activation and submit.

Click for Activation


Inability to complete the information will render your account inactive.


Thank you.

IT Admin Desk

Screenshot of the phishing site

The URL provided in the e-mail does not belong to LSU and directs the user to a third-party site. The third-party site appears as below.

The page is similar for the message received on the 28th, except for the URL.

NOTE: ALWAYS verify the URL provided in any e-mail and PLEASE NOTE that LSU will not ask you for your account information in such a fashion.
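
One way to automate the URL check from the note above, as an added example that is not part of the original advisory: it lists every link in a message body whose host is outside the organization's domain, matching on label boundaries so a lookalike host is still flagged. The domain `lsu.edu`, the sample body and all URLs in it are assumptions constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

ORG_DOMAIN = "lsu.edu"  # assumption: the organization's own domain

# Constructed sample body; the URLs are placeholders, not those of the real message.
SAMPLE_HTML = """
<p>We are upgrading our email system for Outlook Web App 2017.</p>
<p><a href="http://owa-upgrade.example.net/activate">Click for Activation</a></p>
<p><a href="https://lsu.edu.example.org/login">LSU login</a></p>
<p><a href="https://mail.lsu.edu/owa">Webmail</a></p>
"""

class _LinkCollector(HTMLParser):
    """Collect (visible text, href) for every <a> element."""
    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append(("".join(self._text).strip(), self._href))
            self._href = None

def belongs_to(host, org_domain):
    """True only for the domain itself or a real subdomain (label-boundary match)."""
    host = (host or "").lower().rstrip(".")
    return host == org_domain or host.endswith("." + org_domain)

def foreign_links(html, org_domain=ORG_DOMAIN):
    """Return (text, host) for links whose host is outside org_domain."""
    parser = _LinkCollector()
    parser.feed(html)
    parser.close()
    hosts = [(text, urlsplit(href).hostname) for text, href in parser.links]
    return [(t, h) for t, h in hosts if not belongs_to(h, org_domain)]
```

A link that passes this check is only on an organization-owned host; the check says nothing about whether the message itself is legitimate.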