"WARNING!" Phish

 

LSU Personnel started receiving phishing e-mails on July 26th, 2017 related to account verification.

Subject of the Phishing e-mail - WARNING!

Sender Name - Internal to LSU* 

Sender e-mail address - Internal to LSU* 

*Internal accounts can be compromised and used by malicious actors to send phishing e-mails, in order to appear more authentic.

Screenshot of phishing e-mail

 Screenshot of Phish Mail

Content of phishing e-mail

The content of the message states the following (Links and other descriptors have been removed for security purposes):

Your account has been temporally suspended, and this means that you will not be able to send and receive new email messages. This is because of the on-going yearly web maintenance and deleting of inactive LSU accounts. You are then requested to verify your account here for upgrading.


To verify your mailbox, kindly visit our Accounts Verification Form CLICK HERE and fill out the account Verification form to verify your powered account


WARNING! Account owner, that refuses to update his/her LSU account after TWO (2) days of receipt of the notification of this update, his/her LSU account will be excluded permanently from our Database we will not be responsible for the loss of your account.


Copyright © Louisiana State University Network Rights Reserved
Security Alert Office.

Screenshot of phishing site

The URL provided in the e-mail does not belong to LSU, and directs the user to a third-party site. The third party site appears as below:

Screenshot of Phish Site

NOTE: ALWAYS verify the URL provided in any e-mail and PLEASE NOTE that LSU will not ask you for your account information in such a fashion.