Information Services > Security > News & Updates > Payment Receipt Scam - 07/26/21

Payment Receipt Scam - 07/26/21

​​

Screenshot of malicious email:

An image of a malicious email. The email attempts to convince the recipient to click on a malicious attachment under the guise of it being payment information.

On July 26th, 2021, a common form of scam in which malicious actors attempt to impersonate accounts payable was seen at DePaul.

The scam campaign was sent through a non-DePaul email address, and made to appear as though it is associated with some organization's accounts payable department.

The malicious email encourages recipients to review payment information in a malicious attached file. The phishing attachment will attempt to harvest the credentials of the victim through a look-a-like login page.

Some indicators that this email is malicious:
- Unsolicited contact from an unknown external ([EXT] tag in the subject line) email account
- Lack of clarity for what the alleged payment information concerns
- Attachment of a malicious .htm file​

​​