Phishing Attack 10/30

October 30, 2018 by Sumit Jain  | Comments

Attention Colleagues,

 

LSU ITSP team received multiple notifications this morning related to phishing e-mails received by LSU personnel. We have taken appropriate steps to mitigate the risk from our campus network; however, we felt it prudent to share the relevant information with you. We would really appreciate if you could share this message within your internal department.

    

The details of the phishing messages are as below:   

  

Subjects of Phishing E-mail: Validate Your Email Account...To avoid close down. 

Sender Name and Email:  Actual sender e-mail address is not an @lsu.edu address but appears to show that  

Phishing Site and other details:  https://www.lsu.edu/it_services/its_security/Phishing-Items/phishitem20181030.php

NOTE: The phishing site appears to be similar to LSU’s SSO page

We would like your assistance in sharing this information with your constituents and to highlight the following:  

  • LSU will NEVER request anyone to validate or share myLSU/PAWS/e-mail account and password through e-mail. 
  • LSU will NEVER request anyone to verify their myLSU/PAWS/e-mail account and password. 
  • LSU will NEVER request any sensitive information via sites that are not associated with the University.  

 We appreciate your assistance in keeping our University and users secure. 

 

Sumit Jain, CISSP

Director, IT Security and Policy (CISO)

 

  1. LSU’s SSO refers to the login page when visiting myLSU portal (SSO = Single Sign On)
  2. We appear to have multiple senders involved in this phishing attack, the original message was an external sender, but the second sender appears to be an internal one.