Date: Fri, 21 Jun 2013 10:48:12 -0700 [13:48:12 EDT]
From: LexisNexis [firstname.lastname@example.org]Book
Subject: Invoice Notification for June 2013
There was an invoice issued to your company: [redacted]
Please double click the PDF attachment to open or print your invoice. To view full invoice details or for any Online Account Management options, download PDF attachment.
Account Number 455SAZ
Invoice Number 904510653899
Invoice Date June 21, 2013
Invoice Amount $3.508.00
Account Balance $0.00
You can PAY YOUR BALANCE through the PowerInvoice please print the attached invoice and mail to the address indicated on the invoice statement. If you do not have Adobe Acrobat, please find a link to a free downloadable file at the end of this e-mail.
You can also print this e-mail and send your payment to:
PO BOX 7247-7090
Philadelphia, PA 19170-7090
If you have questions about your invoice, please contact LexisNexis at 1-800-262-2391, option 3.
If you would like to contact your Account Manager, please contact LexisNexis at 1-800-262-2391, option 2.
Please add this domain @email.lexisnexismail.com to your safe senders list.
Adobe Acrobat free downloadable file available at :
In this case the attachment is just 8 bytes and is harmless. Next time, it probably won't be..
Of note, the only link in the email goes to [donotclick]https://server.nepplelaw.com/owa/redir.aspx?C=430ed6e3b59a4a69b2d5653797c3e3d6&URL=http%3a%2f%2fwww.adobe.com%2fproducts%2facrobat%2freadstep2.html which is the sort of thing that happens to a URL when it goes through Outlook Web Access, in this case it would be on the server server.nepplelaw.com but I have no explanation as to why it is there, however it is harmless.