"HELP-DESK" Phish

 

LSU Personnel started receiving phishing e-mails on August 9th, 2017 related to account validation.

Subjects of the Phishing e-mail - HELP-DESK, LSU Help Desk, Dear User, and Lsu Upgrade Team.

Sender Name - Internal to LSU (multiple users)

Sender e-mail address - Internal to LSU (multiple e-mail addresses)

*Internal accounts can be compromised and used by malicious actors to send phishing e-mails, in order to appear more authentic.

Screenshot of phishing e-mail

 Screenshot of Phish Mail

Content of phishing e-mail

The contents of the messages are (Links and other descriptors have been removed for security purposes):

Warning!! You are currently operating at 99% of your mail box quota.
You need to upgrade your email limit quota to 2GB within the next 48
hours to enable you store and receive large numbers of emails in your
mailbox. Use the below web link to upgrade to 5GB: You might not be able to send or receive new mail until you re-validate your mailbox .


CLICK HERE NOW TO RE-VALIDATE YOUR LSU.EDU MAIL BOX

Copyright © 2017 Louisiana State University. All Rights Reserved.
Security Alert Office.
Thanks for your anticipated co-operation,
Upgrade Team.

Screenshot of phishing site

The URL provided in the e-mail does not belong to LSU, and directs the user to a third-party site. The third party sites appear as below:

Screenshot of Phish Site

NOTE: ALWAYS verify the URL provided in any e-mail and PLEASE NOTE that LSU will not ask you for your account information in such a fashion.