"Update" Phish

 

LSU Personnel started receiving phishing e-mails on August 23rd, 2017 related to account validation.

Subject of the Phishing e-mail - Update, ADMIN UPDATE WARNING

Sender Name - Internal to LSU (Multiple Users)

Sender e-mail address - Internal to LSU (Multiple e-mail addresses)

*Internal accounts can be compromised and used by malicious actors to send phishing e-mails, in order to appear more authentic.

Screenshots of phishing e-mails

 Screenshot of first Phish Mail

 

Screenshot of second Phish Mail

Contents of phishing e-mails

There were two separate messages and the content of the messages are (Links and other descriptors have been removed for security purposes):

Content 1

Dear lsu.edu User,

Our Mail Admin database is currently been updated to enable the new mail features being to operate. Admin is currently upgrading the lsu.edu Mail server to make sure all users get the new features.

Kindly Click Here to update your Mailbox

lsu.edu Webmaster
(c) 2017 Web Feature

Content 2

Your lsu.edu Mailbox has exceed it's Mail storage Quota limit as set by
Web Master / lsu Web Admin which means you need to Re-validate your mailbox quota to get the new Webmail Upgrade.
To update your account click the below link and fill in the information in order to verify your account.
Click Here To Update Your Marriott Account

Note: Any lsu Email account owner who refuse to update his/her account after two (2) days of receipt of these update notification
will be permanently excluded from our lsu Email Database. we will not be responsible for the loss of your account if you fail to
upgrade your Mailbox.

We apologize for any difficulties you may have experienced due to this situation.

lsu Web Admin.
(c) 2017 Web-Upgrade.

Screenshot of phishing site

The URL provided in the e-mails do not belong to LSU, and directs the user to third-party site. The third party site appears as below:

 Screenshot of Phish Site

NOTE: ALWAYS verify the URL provided in any e-mail and PLEASE NOTE that LSU will not ask you for your account information in such a fashion.