A sophisticated phish scam with subject line "Authorization Form" was sent to multiple mailboxes. The email has the attachment "yorku.ca Please_DocuSign_credit_card_Authorization.html"

Opening the attachment will prompt the user to enter a password. You won't be able to change the username. If you click on Login, you will get the message "Invalid Password..! Please enter correct password"

 

 

 

 

 

 

 

 

If you login again, you will a fake invoice.

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

If you provided your username and password, please consider your account as compromised. Change your password immediately and NEVER authorize a 2FA request that you did not initiate.