"Upgrade Security Version" Phish

 

LSU Personnel started receiving phishing e-mails on July 19th, 2017 related to upgrading/verifying security for Office365.

Subject of the Phishing e-mail - Upgrade Security Version

Sender Name - External to LSU

Sender e-mail address - External to LSU

Screenshot of phishing e-mail

 Screenshot of Phish Mail

Content of phishing e-mail

The content of the message states the following (Links and other descriptors have been removed for security purposes):

Microsoft Office 365

 

Dear Ablack

Office365 warn all subscriber to verify and upgrade to the new safety security available worldwide. Failure to follow the instruction within 24 hours
your newly upgraded security might not reflect on your login till we introduce another upgraded version of security next 3 month
We strongly recommend you to take 20 seconds to secure your login details by re-login below
for instant verification and upgrade to the latest security version.


VERIFY/UPGRADE


You will get newest version of Microsoft

This is a mandatory communication about the service. To set communication
preferences for other cases.
Privacy | legal notices

Microsoft Office
One Microsoft Way
Redmond, WA
98052-6399 USA

Screenshot of phishing site

The URL provided in the e-mail does not belong to LSU, and directs the user to a third-party site. The third party site appears as below:

Screenshot of Phish Site

NOTE: ALWAYS verify the URL provided in any e-mail and PLEASE NOTE that LSU will not ask you for your account information in such a fashion.