The IT Security Office is issuing an important notice regarding a targeted phishing campaign currently directed at our University. In this campaign, attackers are using compromised Microsoft 365 accounts from other organizations - including companies, schools, and other universities - to make the messages appear legitimate.
How the Attack Works
- Bad actors gain access to external organizations' Microsoft 365 accounts.
- They then use those compromised accounts to send shared Word document links or "file access" invitations to University employees.
- Because the sender is a real Microsoft 365 account from a legitimate institution, the email may look authentic.
- When delivered, the email includes our external email warning banner, indicating it originated outside of our organization.
- Opening the document leads to instructions containing embedded links that redirect users to a fraudulent login page designed to steal credentials.
Current Impact
We have confirmed that some users have opened the document and clicked the embedded links. As part of our response, IT is actively scrubbing affected mailboxes to remove the malicious emails and prevent further compromise.
What You Should Do Right Now
- Do not open unexpected or unsolicited shared documents, especially those marked with the external email warning banner.
- Do not click links in suspicious emails or Word documents.
- Evaluate messages carefully: Were you expecting the file? Does the sender normally share documents with you? Does the tone seem unusual, urgent, or generic?
- If you clicked a link or entered your password on a page you now suspect was fraudulent, contact IT immediately.
How to Report or Get Help
If you think you interacted with a suspicious email or need assistance, please contact the IT Service Desk:
Email: ithelp@louisiana.edu
Phone: 337-482-4357
Ticket: Submit a ticket through the IT Service Desk portal
What IT Is Doing
We are:
- Removing phishing emails from user mailboxes.
- Reviewing potentially affected accounts for unusual activity.
- Updating filters and blocks to stop additional messages in this campaign.
Your awareness and caution are essential to keeping our University secure. Please continue to report suspicious emails and remain vigilant when opening unexpected messages.