A malicious actor is sending paycheck picture attachments via email from a forged email address, email@example.com. An example email is included below.
These emails are "unauthenticated" by which that means the sending SMTP (email) server is not allowed to send as any @manhattan.edu address. ITS prevents delivery of such emails to ITS managed @manhattan.edu accounts. ITS also uses DMARC to notify all receiving SMTP (email) servers to be as careful as possible with unauthenticated @manhattan.edu emails. Unfortunately, DMARC is just a suggestion and not a command. So unauthenticated @manhattan.edu emails may still be delivered to phishing targets.
From: Payroll Department
Date: Wed, Mar 1, 2023 at 1:39 PM
Good Day [redacted],
You are receiving this e-mail because your information has been registered and will be
scheduled for weekly payments directly from the Payroll department. The Paycheck that
covers the expenses for the office supplies you will be working with is attached in this
email. A Sales Representative will be assigned to assist you with the purchase of these
items once the funds are available from this deposit. Immediately proceed to make a mobile
deposit and contact your professor in charge once completed for clearance purposes.
Further Assignments as well as your employment documents will be sent once the supplies
are delivered. Kindly inform your professor letting him know that you have received this
I have outlined Instructions on how to make a mobile deposit below.
Print out and cut it to a ( check size/shape ) At the back of your check endorse by
Mobile Deposit Only
Your account number
Once you are done, you make a mobile deposit on your mobile banking app
Please do not reply to this email message. It was sent from a notification-only address
that cannot accept incoming emails.
Office of Financial Aid Administration
4513 Manhattan College Parkway
Riverdale, NY 10471
Monday thru Friday
9:00 am to 4:30 pm