"Validate Your Account" Phish

 

LSU Personnel started receiving phishing e-mails on May 22nd, 2017 related to account validation.

Subjects of the Phishing e-mail - Validate Your Account

Sender Name - Helpdesk

Sender e-mail address - External to LSU

Screenshot of the phishing e-mail
Screenshot of Phish Mail

Content of the phishing e-mail

The content of the message states the following (Links and other descriptors have been removed for security purposes):

This is to notify all Students, Staffs and Alumni that we are validating active accounts. Kindly confirm that your account is still in use by clicking the validation link below:

Validate Email Account

Sincerely,
IT Help Desk
Office of Information Technology

Screenshot of the phishing site

The URL provided in the e-mail does appear to be similar to Microsoft Office365 page, the URL does not belong to LSU or Microsoft, and directs the user to a third-party site. The third party site appears as below:

Screenshot of Phish Site

NOTE: ALWAYS verify the URL provided in any e-mail and PLEASE NOTE that LSU will not ask you for your account information in such a fashion.