FW: Reminder: Your INV#11012851 is still pending settlement Sharepoint spear phish

Screenshot of Invoice spear phish

Reported September 2023

This is a phishing attack that came through Microsoft Sharepoint. Note that the email poses as a forward from President Munson and the recipient of the forward is an RIT leader.

How would you verify to see if this is legitimate? How likely is it that the RIT President would be forwarding an invoice to an RIT leader rather than this being processed by RIT Accounts Payable? Be careful of unexpected requests and attachments.