"Library Notifications" Phish

 

LSU Personnel started receiving phishing e-mails on February 9th, 2018, related to acess to Library resources expiring which require account renewal..

Subject of the Phishing e-mail - Library Notifications

Sender Name - External to LSU

Sender e-mail address - External to LSU

Screenshot of phishing e-mail

 Screenshot of Phish Mail

Content of phishing e-mail

The content of the message is (Links and other descriptors have been removed for security purposes):

Dear Student,
Our records show that your access to LSU Libraries System is about to expire. Due to security precautions established to protect University Libraries System, you have to renew your library account on a regular base, so please use the following link

Link

After your successful authentication, your access will be restored automatically and you will be redirected to the library homepage. If you are unable to log in, please contact the library help desk for immediate assistance. We apologize for any inconveniences this may have caused. 

Thank you,

Louisiana State University
Baton Rouge, Louisiana 70803
Phone: +1 (225) 578-5652

Screenshot of phishing site 

The URL provided in the e-mail does not belong to LSU, and directs the user to a third-party site. The third party site appears as below (similar to LSU's Single Sign-on page):

 Screenshot of Phish Site

NOTE: ALWAYS verify the URL provided in any e-mail and PLEASE NOTE that LSU will not ask you for your account information in such a fashion.