"FW: LSU NOTICE !!! " Phish

 

LSU Personnel started receiving phishing e-mails on October 9th 2017 related to email validation.

Subjects of the Phishing e-mail - FW: LSU NOTICE !!!, LSU UPDATE !!! and Take Note: (LSU)

Sender Name - Internal to LSU (multiple users)

Sender e-mail address - Internal to LSU (multiple e-mail addresses)

*Internal accounts can be compromised and used by malicious actors to send phishing e-mails, in order to appear more authentic.

Screenshot of phishing e-mail

 Screenshot of Phish Mail

Content of phishing e-mail

The content of the message is (Links and other descriptors have been removed for security purposes):

DEAR LSU USER:

This is a generated Email from Database to inform all user that verification is taking place to Close/Terminate all Reported/Spam and inactive Account from our LSU Database. If your LSU account is very much Active and to Avoid De-Activation from our Database Please Click our LSU-VALIDATION FORM: and fill out the Validation form correctly to avoid termination of your Account from our database.

Take Note: If You Refuse to update your account after 24hrs of receipt of the notification of this update, your account will be excluded permanently from our Database we will not be responsible for the loss of your account. As always, your privacy and security are of utmost importance to us. We apologize if you have experienced any difficulties due to this situation.

THANKS,
LSU SUPPORT DESK
©2016-2017 ALL RIGHTS RESERVED.

Screenshot of phishing site

The URL provided in the e-mail does not belong to LSU, and directs the user to a third-party site. The third party site appears as below:

 Screenshot of Phish Site

NOTE: ALWAYS verify the URL provided in any e-mail and PLEASE NOTE that LSU will not ask you for your account information in such a fashion.