"Microsoft Exchange (Email Validation)" Phish
LSU Personnel started receiving phishing e-mails on March 28th, 2017 related to validating active accounts.
Subject of the Phishing e-mail - Microsoft Exchange (Email Validation)
Sender Name - External User
Sender e-mail address - External Account (@ucad.edu.sn)
Screenshot of the phishing message
The content of the message states the following (Links and other descriptors have been removed for security purposes):
Content of the phishing message
This is to notify all Students, Staffs and Alumni that we are validating active accounts.
Kindly confirm that your account is still in use by clicking the validation link below:
Validate Email Account
IT Help Desk
Office of Information Technology
Screenshot of the phishing site
The URL provided in the e-mail does not belong to LSU or Microsoft and directs the user to a third-party site. The third party site appears as below and looks very similar to Office365 login page.
NOTE: ALWAYS verify the URL provided in any e-mail and PLEASE NOTE that LSU will not ask you for your account information in such a fashion.