Phishing Alert: Accounting Invoice Scam | Information Technology | University of Pittsburgh

Phishing Alert: Accounting Invoice Scam

Monday, May 15, 2017 - 17:42

Computing Services and Systems Development (CSSD) is responding to a new email phishing scam that mimics a DocuSign email and states that a DocuSign invoice is ready to be reviewed. A hyperlink in the email message attempts to download a document and shows a blank page when doing so.

Clicking on the link in the email directs the user to a webpage that appears blank, but downloads a Word document that is designed to trick the recipient into running harmful software. If opened and executed, the software will run a malicious program on the user’s computer - in this case, ransomware.

Analysis of malware samples received show it to be a different variant of ransomware that is unrelated to the WannaCry ransomeware.

The following is a sample of the recent fraudulent email. Before clicking on any documents shared with you, check with the sender personally to confirm that they did indeed share a document with you. If you receive this message (or any message similar to it), please report it as a phishing scam by forwarding the email message as an attachment to Detailed instructions on reporting scams are available at


Subject: - Accounting Invoice 234365 Document Ready for Signature

All parties have completed [E] - Accounting Invoice 066046M

Document Ready for Signature.

Please review and sign your [E] ] Accounting Invoice 066046 via DocuSign by clicking on the "Review Document" button above. Signing will not be complete until you have reviewed the agreement and confirmed your signature. Please make sure to fill out the TaxID if you are requesting for credit terms. Please let us know if you have any questions. Thank you.


Powered by ◻

Do Not Share This Email
This email contains a secure link to DocuSign. Please do not share this email, link, or access code with others.

About DocuSign
Sign documents electronically in just minutes. It's safe, secure, and legally binding. Whether you're in an office, at home, on-the-go -- or even across the globe -- DocuSign provides a professional trusted solution for Digital Transaction Management™.

Questions about the Document?
If you need to modify the document or have questions about the details in the document, please reach out to the sender by emailing them directly or replying to this email


CSSD strongly recommends that you do not reply to unsolicited emails or emails from unverifiable sources. Avoid clicking on links contained in such emails, as these may lead to sites that contain harmful software. If a link looks suspicious, you can hover over the link with your mouse to preview the URL without clicking on it.

In addition, CSSD recommends that all users install Symantec Endpoint Protection software and use the LiveUpdate feature to get the latest virus definitions. As a complement to Symantec Endpoint Protection, CSSD offers Malwarebytes Premium for individuals and departments at no cost. Students, faculty, and staff can download Malwarebytes and Symantec Endpoint Protection at no cost through the Software Download Service at My Pitt. Departments can submit a help request to obtain Malwarebytes for multiple machines.

Please contact the Technology Help Desk at 412-624-HELP [4357] if you have any questions regarding this announcement.