The ITS Email Security team has noticed a large number of attempts from various external, presumably hacker email accounts, trying to trick users into opening a fake invoice attachment.  If the reader opens the attachment, there have two types of vectors of attack.  One is an attempt to have the user attempt to login with credentials to capture the userid and password and attempt to get into that user’s university account.  The other vector is an attempt to have malicious software installed on the computer, to either use the computer’s resources for information, or to pivot from the user’s computer to a university system for further attempts to steal information.


When the emails are identified, Proofpoint will block them and we can then perform the Threat Response Auto Pull action to remove the malicious email from user’s email accounts.  We want to let you know to BE ON THE LOOKOUT for these attempts.  If you receive an email claiming there is an outdated invoice that needs to be paid, please check with the vendor via a separate, direct email, or a phone call, or check with the security team BEFORE opening the attachment.


Thank you,

Cheryl O


Cheryl O’Dell, CISSP, GCFE

Incident Response Manager

Cybersecurity & Identity|ITS|

501 127H, 68588-0203

University of Nebraska |


402-472-7851 (o)