"rh" Phish


LSU Personnel started receiving phishing e-mails on April 7th, 2017 related to account validation due to mail quota being reached. The e-mail content was the same, but the subject line appears to be different in every e-mail.

Subjects of the Phishing e-mail - rh, eb, yk, dg, rg, etc. (All subject line is a variation of 2 alphabets).

Sender Name - Internal LSU User

Sender e-mail address - Internal to LSU*

*Internal accounts can be compromised and used by malicious actors to send phishing e-mails, in order to appear more authentic.

Screenshot of the phishing e-mail

Screenshot of Phish Email

Content of the phishing e-mail

The content of the message states the following (Links and other descriptors have been removed for security purposes):

Your Lsu.Edu Mail quota has reached limit, You might not be able to send or receive new mail until you re-validate your mailbox .To re-validate your mailbox.- Go Isu Verification Page

Screenshot of the phishing site

The URL provided in the e-mail does not belong to LSU and directs the user to a third-party site. The third party site appears as below:

Screenshot of Phish Site


NOTE: ALWAYS verify the URL provided in any e-mail and PLEASE NOTE that LSU will not ask you for your account information in such a fashion.