"Take Action: myLSU Account Notification" Phish

 

LSU Personnel started receiving phishing e-mails on May 9th, 2017 related to changes made to payroll.

Subjects of the Phishing e-mail - Take Action: myLSU Account Notification

Sender Name - LSU

Sender e-mail address - External to LSU (however, the e-mail address appears to be a lsu.edu e-mail account)

Screenshot of phishing e-mail

 screenshot of Phish Mail

Content of phishing e-mail

The content of the message states the following (Links and other descriptors have been removed for security purposes):


Welcome,

Unusual changes has been made to your payroll information.

Login your credentials below to view changes made to your account.

Login Account

myLSU Portal

© 2017 Louisiana State University. All rights reserved

Screenshot of phishing site

The URL provided in the e-mail does not belong to LSU and directs the user to a third-party site. The third party site appears as below:

screenshot of Phish Site

NOTE: NEVER provide your username and password on non-LSU Sites. Additionally, PLEASE always verify the URL you are visiting regardless of web page design.