Phishing Email Scam: Accounts Payable

Phishing Email Breakdown 

This phishing attempt pretends to be a legitimate payment confirmation, urging the recipient to open an attachment for invoice details. Upon opening the file, the recipient is redirected to a fake login site. The sender is falsely identified as “Accounts Payable” to appear more trustworthy. 

Visual Example of the Phishing Email 

Full Text from the Phishing Attempt 

Your confirmation for Payment {invoice number} is attached for your reference. 

You can find all the details of your payment in the attached document. 

We truly appreciate your business and look forward to serving you again soon. 

Best regards, 

Accounts Payable 

How to Protect Yourself? 

1. Verify the Sender: Always verify the identity of individuals claiming to be someone important, especially if the message seems out of the ordinary and asks for personal information. 
2. Watch Out for Emotional Triggers: Phishing emails often use fear, sympathy, or urgency (e.g., “Your account will be closed immediately!”) to push users into acting without thinking. Pause, reevaluate the request, and confirm its legitimacy before responding. 
3. Check Branding, Formatting, and Logos Carefully: Phishing emails may imitate official layouts or use low-quality, off-colour logos. Verify that logos, colours, and the overall format matches what you typically see from the genuine organization. 

Important Notes: 

1. Report Suspicious Messages: Reporting phishing attempts helps prevent others from falling victim to these attacks. Send suspicious messages to is-spam@mcmaster.ca for review and investigation. 
2. Educate Yourself: Learn about common phishing tactics. Consider participating in the Information Security Training Program to protect against cyber threats and secure your digital world.