"NOREPLY@LSU.EDU" Phish

 

LSU Personnel started receiving phishing e-mails on August 5th, 2017 related to account updates.

Subjects of the Phishing e-mail - NOREPLY@LSU.EDU and HELPDESK

Sender Name - Internal to LSU (multiple users)

Sender e-mail address - Internal to LSU (multiple e-mail addresses)

*Internal accounts can be compromised and used by malicious actors to send phishing e-mails, in order to appear more authentic.

Screenshots of phishing e-mails

 Screenshot of first Phish Mail

 

Screenshot of second Phish Mail

Content of phishing e-mails

There are two separate e-mail messages with both messages containing link to the same phishing website. The contents of the messages are (Links and other descriptors have been removed for security purposes):

Content 1

Your Two incoming mails were placed on pending status due to a recent upgrade to our data, In order to receive the messages CLICK HERE to login and wait for response from Administrator, we apologize for any inconvenience and appreciate your understanding.


Copyright © 2017 Louisiana State University. All Rights Reserved.

Content 2

Due to our recent IP routine check our system found that your security
info is no longer working. Starting from 8/06/2017 you won't be able to sign in to your account unless you fix security info To fix your security info,
CLICK HERE to update your account now If your security info is already fixed, you can cancel this request.

Terms of Use Privacy & Cookies © 2017 Copyright © 2017 Louisiana State University. All Rights Reserved.

Screenshot of phishing site

The URL provided in the e-mail does not belong to LSU, and directs the user to a third-party site. The third party sites appear as below:

Screenshot of Phish Site

NOTE: ALWAYS verify the URL provided in any e-mail and PLEASE NOTE that LSU will not ask you for your account information in such a fashion.