"FW: UPDATE!!" Phish

 

LSU Personnel started receiving phishing e-mails on August 14th, 2017 related to account validation.

Subjects of the Phishing e-mail - FW: UPDATE!!!.

Sender Name - Internal to LSU (multiple users)

Sender e-mail address - Internal to LSU (multiple e-mail addresses)

*Internal accounts can be compromised and used by malicious actors to send phishing e-mails, in order to appear more authentic.

Screenshot of phishing e-mail

 Phish Mail

Content of phishing e-mail

The contents of the messages are (Links and other descriptors have been removed for security purposes):

DEAR LSU USER:

This is a generated Email from Database to inform all user that verification is taking place to terminate all Reported/Spam and inactive Account from our Database. If your account is very much Active and to Avoid De-Activation from our Database Please Click our LSU VALIDATION FORM and fill out the Validation form correctly to avoid termination of your Account from our database.

Take Note: If You Refuse to update your account after 24hrs of receipt of the notification of this update, your account will be excluded permanently from our Database we will not be responsible for the loss of your account. As always, your privacy and security are of utmost importance to us. We apologize if you have experienced any difficulties due to this situation.

THANKS,
LSU SUPPORT DESK
©2016-2017 ALL RIGHTS RESERVED.

 

Screenshots of the phishing sites

There are two separate URLs in the various e-mails. The URLs provided do not belong to LSU, and direct the users to a third-party site. The third party sites appear as below:

Screenshot of first Phish Site

 

Screenshot of second Phish Site

NOTE: ALWAYS verify the URL provided in any e-mail and PLEASE NOTE that LSU will not ask you for your account information in such a fashion.