LTU has for some time been exposed to an email fraud campaign (phishing) where the sender appears to be "LTU employee name <email@example.com>"
Several different variants of "headgroup" occur.
Other variants may also occur.
It is extra important that you check that the sender is:
Check for @ltu.se and that it is inside <>
If it is not included in the sender field, the message is very likely to be fraudulent.
NOTE also! All information regarding upgrade of O365 should be informed by LTU, not by someone saying they are system administrator from Microsoft.