"Validate Email Account" Phish
LSU Personnel started receiving phishing e-mails on July 24th, 2017 related to account validation.
Subject of the Phishing e-mail - Validate Email Account
Sender Name - Internal to LSU (Multiple Users)
Sender e-mail address - Internal to LSU (Multiple e-mail addresses)
*Internal accounts can be compromised and used by malicious actors to send phishing e-mails, in order to appear more authentic.
Screenshot of phishing e-mail
Content of phishing e-mail
The content of the message states the following (Links and other descriptors have been removed for security purposes):
This is to notify all Students, Staffs of Louisiana State University that we are validating active accounts. Kindly confirm that your account is still in use by clicking the validation link below:
Validate Email Account
Sincerely IT Help Desk
Office of Information Technology
The Louisiana State University.
Screenshot of phishing site
The URL provided in the e-mail does not belong to LSU, and directs the user to a third-party site. The third party site appears as below:
NOTE: ALWAYS verify the URL provided in any e-mail and PLEASE NOTE that LSU will not ask you for your account information in such a fashion.