Multiple Subject Lines Phish


LSU Personnel started receiving phishing e-mails on September 23rd, 24th, October 5th, 8th, 14th, 15th , 18th, and 21st, 2018, that appear to be replies from internal users to an ongoing e-mail conversation.

Subject of the Phishing e-mail - Varies based on the compromised users inbox

Sender Name - Internal to LSU* (multiple users)

Sender e-mail address - Internal to LSU* (multiple users)

*Internal accounts can be compromised and used by malicious actors to send phishing e-mails, in order to appear more authentic.

Screenshot of phishing e-mail

Phish Mail

Content of the phishing e-mails

The content of the message appears as below or the language for the link varies (Links and other descriptors have been removed for security purposes):

Cannot display this email

The text for the link appears as one of below:

- Click here to open full message

- Click here to view full message

- Click here to show full message

- Click here to show this message

- Click here to view this message

- Click here to open this message

Information regarding phishing sites and an example

The URL varies for different e-mails, but none of them belong to LSU or Microsoft and directs the user to a third-party site. One example of the site is as below:

 Screenshot of Phish Site

NOTE: ALWAYS verify the URL provided in any e-mail and PLEASE NOTE that LSU will not ask you for your account information in such a fashion.