"LSU User" Phish

 

LSU Personnel started receiving phishing e-mails on April 13th, 2017 related to account validation.

Subjects of the Phishing e-mail - LSU User

Sender Name - Multiple Internal Users

Sender e-mail address - Internal to LSU* (multiple e-mail addresses)

*Internal accounts can be compromised and used by malicious actors to send phishing e-mails, in order to appear more authentic.

Screenshot of phishing e-mail

Screenshot of Phish Email

Content of phishing e-mail

The content of the message states the following (Links and other descriptors have been removed for security purposes):

Dear LSU User.

 
Due to database maintenance equipment that is happening in our mail message center. Our message center must be reset due to the large number of Spam messages we receive daily. The maintenance of quarantine will help us avoid this dilemma every day and with the new improved software will provides our  LSU users with a mail system and new security system from hackers to protect our users from getting their accounts being hacked.


    To validate your mailbox, kindly visit our      LSU.EDU Validation Form.     and fill out the account validation form to validate your email  powered account: 


As always, your privacy and security are of utmost importance to us.  We apologize if you have experienced any difficulties due to this situation, and please know that our technical staff is working to remedy the problem.

THANKS,

LSU  SUPPORT DESK

©2016-2017 ALL RIGHTS RESERVED.

Screenshot of phishing e-mail

The URL provided in the e-mail does not belong to LSU and directs the user to a third-party site. The third party site appears as below:

Screenshot of Phish Site

NOTE: ALWAYS verify the URL provided in any e-mail and PLEASE NOTE that LSU will not ask you for your account information in such a fashion.