"Secured Document for Review" Phish

 

LSU Personnel started receiving phishing e-mails on January 10th, 2018, related to a document that needs to be reviewed.

Subject of the Phishing e-mail - Secured Document for Review

Sender Name - Internal to LSU*

Sender e-mail address - Internal to LSU*

*Internal accounts can be compromised and used by malicious actors to send phishing e-mails, in order to appear more authentic.

NOTE: It appears that the malicious users are using the internal user account to confirm that the e-mail is a legitimate e-mail. 

Screenshot of phishing e-mail

 Screenshot of Phish Mail

 

Content of phishing e-mail

The content of the message is (Links and other descriptors have been removed for security purposes):


User sent you a document to review.
REVIEW DOCUMENT
User Name
user@lsu.edu


Thank You, User Name

 
Do Not Share This Email
This email contains a secure link to DocuSign. Please do not share this email, link, or access code with others.

About DocuSign
It's safe, secure, and legally binding. Whether you're in an office, at home, on-the-go -- or even across the globe -- DocuSign provides a professional trusted solution for Digital Transaction

Screenshot of phishing site

The URL provided in the e-mail does not belong to LSU, and directs the user to a third-party site. The third party site appears as below:

 Screenshot of Phish Site

NOTE: ALWAYS verify the URL provided in any e-mail and PLEASE NOTE that LSU will not ask you for your account information in such a fashion.