"Alert from Help-Desk Administrator." Phish

 

LSU Personnel started receiving phishing e-mail on September 21st 2017 related to e-mail verification.

Subject of the Phishing e-mail - Alert from Help-Desk Administrator.

Sender Name - Internal to LSU

Sender e-mail address - Internal to LSU

*Internal accounts can be compromised and used by malicious actors to send phishing e-mails, in order to appear more authentic.

Screenshot of phishing e-mail

 Screenshot of Phish Mail

Content of phishing e-mail

The content of the message is (Links and other descriptors have been removed for security purposes):

Dear LSUMail User, This is an automatic message sent by our security system to let you know that you have 48 hours to confirm your account information. And this means that you will not be able to send and receive new email messages. This is because of the on-going yearly web maintenance and deleting of inactive accounts. Kindly click on myLSU and verify your Mailbox to validate your account.

 

Help-Desk Administrator.

Copyright © 2017 Louisiana State University . All Rights Reserved.

Screenshot of phishing site

The URL provided in the e-mail does not belong to LSU, and directs the user to third-party site. The third party site appears as below:

 Screenshot of Phish Site

NOTE: ALWAYS verify the URL provided in any e-mail and PLEASE NOTE that LSU will not ask you for your account information in such a fashion.