"Validate Email Account" Phish

 

LSU Personnel started receiving phishing e-mails on July 24th, 2017 related to account validation.

Subject of the Phishing e-mail - Validate Email Account

Sender Name - Internal to LSU (Multiple Users)

Sender e-mail address - Internal to LSU (Multiple e-mail addresses)

*Internal accounts can be compromised and used by malicious actors to send phishing e-mails, in order to appear more authentic.

Screenshot of phishing e-mail

screenshot of Phish Mail

Content of phishing e-mail

The content of the message states the following (Links and other descriptors have been removed for security purposes):

 

This is to notify all Students, Staffs of Louisiana State University that we are validating active accounts. Kindly confirm that your account is still in use by clicking the validation link below:


Validate Email Account


Sincerely IT Help Desk
Office of Information Technology

The Louisiana State University.

Screenshot of phishing site

The URL provided in the e-mail does not belong to LSU, and directs the user to a third-party site. The third party site appears as below:

screenshot of Phish Site

NOTE: ALWAYS verify the URL provided in any e-mail and PLEASE NOTE that LSU will not ask you for your account information in such a fashion.