"Information Technology." Phish

 

LSU Personnel started receiving phishing e-mails on December 18th 2017 related to VPN upgrade and account reactivation.

Subject of the Phishing e-mail - Information Technology.

Sender Name - LSU

Sender e-mail address - Multiple e-mail addresses that appear to be @lsu.edu; however, they do not appear to be legitimate e-mail addresses.

Screenshot of phishing e-mail

 Screenshot of Phish Mail

Content of phishing e-mail

The content of the message is (Links and other descriptors have been removed for security purposes):


Notice to all Faculty, staff, and student.

We have upgraded Cisco anyconnect vpn client software, please click the login button to reactivate your LSU SSL VPN Service access.

This is a technology that allows LSU SSL VPN Service Faculty, Staff, Students, and Retirees to securely access the LSU SSL VPN Service Network from anywhere with an Internet connection.

All connections are logged and monitored. By accessing this system, you acknowledge that use of this and any other technology at LSU SSL VPN is subject to the terms of the LSU SSL VPN Conditions of Use and Policy on Computing Ethics.

 

Screenshot of phishing site

The URL provided in the e-mail does not belong to LSU, and directs the user to a third-party site. The third party site appears as below:

 Screenshot of Phish Site

NOTE: ALWAYS verify the URL provided in any e-mail and PLEASE NOTE that LSU will not ask you for your account information in such a fashion.