Screenshot of malicious email:
On July 26th, 2021, a common form of scam in which malicious actors attempt to impersonate accounts payable was seen at DePaul.
The scam campaign was sent through a non-DePaul email address, and made to appear as though it is associated with some organization's accounts payable department.
The malicious email encourages recipients to review payment information in a malicious attached file. The phishing attachment will attempt to harvest the credentials of the victim through a look-a-like login page.
Some indicators that this email is malicious:
- Unsolicited contact from an unknown external ([EXT] tag in the subject line) email account
- Lack of clarity for what the alleged payment information concerns
- Attachment of a malicious .htm file