"Processed Attachment" Phish
LSU Personnel started receiving phishing e-mails on August 28th, 2018, related to review of documents via DocuSign.
Subject of the Phishing e-mail - Processed Attachment
Sender Name - Internal to LSU*
Sender e-mail address - Internal to LSU*
*Internal accounts can be compromised and used by malicious actors to send phishing e-mails, in order to appear more authentic.
The e-mail contained a PDF attachment with the link. The content of the message is (Links and other descriptors have been removed for security purposes):
The URL provided in the attachment does not belong to LSU or Microsoft and directs the user to a third-party site. The third party site appears as below:
NOTE: ALWAYS verify the URL provided in any e-mail and PLEASE NOTE that LSU will not ask you for your account information in such a fashion.