"Secured Document for Review" Phish
LSU Personnel started receiving phishing e-mails on January 10th, 2018, related to a document that needs to be reviewed.
Subject of the Phishing e-mail - Secured Document for Review
Sender Name - Internal to LSU*
Sender e-mail address - Internal to LSU*
*Internal accounts can be compromised and used by malicious actors to send phishing e-mails, in order to appear more authentic.
NOTE: It appears that the malicious users are using the internal user account to confirm that the e-mail is a legitimate e-mail.
Screenshot of phishing e-mail
Content of phishing e-mail
The content of the message is (Links and other descriptors have been removed for security purposes):
User sent you a document to review.
Thank You, User Name
Do Not Share This Email
This email contains a secure link to DocuSign. Please do not share this email, link, or access code with others.
It's safe, secure, and legally binding. Whether you're in an office, at home, on-the-go -- or even across the globe -- DocuSign provides a professional trusted solution for Digital Transaction
Screenshot of phishing site
The URL provided in the e-mail does not belong to LSU, and directs the user to a third-party site. The third party site appears as below:
NOTE: ALWAYS verify the URL provided in any e-mail and PLEASE NOTE that LSU will not ask you for your account information in such a fashion.