"Shared Document" Phish
LSU Personnel started receiving phishing e-mails on April 1st and 2nd, 2018, related to a shared file.
Subject of the Phishing e-mail - Shared Document
Sender Name - Internal to LSU* (Multiple users)
Sender e-mail address - Internal to LSU* (Multiple e-mail addresses)
*Internal accounts can be compromised and used by malicious actors to send phishing e-mails, in order to appear more authentic.
Screenshot of phishing e-mail
Content of phishing e-mail
The content of the message is (Links and other descriptors have been removed for security
User Name (email@example.com) have shared a secured file with you. Kindly sign with your E-mail to view the Shared folder.
View The Shared File Here
© 2018 Dropbox
Screenshot of phishing site
The URL provided in the e-mail does not belong to LSU, and directs the user to a third-party site. The third party site appears as below:
NOTE: ALWAYS verify the URL provided in any e-mail and PLEASE NOTE that LSU will not ask you for your account information in such a fashion.