A malicious email detected by MailGuard uses anti-virus security tips to dupe recipients.
Designed to appear as a payment confirmation statement from global bank HSBC, the phishing email distributes malware to those curious enough to download the attachment.
The large-scale attack has the subject line: "BILL PAYMENT ADVICE Our Ref: BPCBJG502865 Counterparty: Your Ref: CH1199-10/2016”, or similar.
The cybercriminals behind the email attempt to disguise its maliciousness by using plain text, and even offer security tips to reassure recipients who might be hesitant to open it.
The tips include to install virus-detection software – and ironically, not to open attachments from unknown or untrustworthy sources.
It’s good advice: their attachment, titled ‘Payment Advice’, is a MHT file which in turn contains a HTA file, which downloads and executes a malicious script.
The unusual file format is a tactic used by cybercriminals to distribute malware while avoiding antivirus detection.
HSBC offers helpful information about online fraud and where to lodge a report.
The bank says phishing scam victims’ personal information is at risk.
“Spyware and key loggers are a type of software that spies on what you do on your computer,” the bank advises.
“Key-loggers record what keys you press on your keyboard. Scammers can use them to steal online banking passwords or other personal information.”
For a few dollars per staff member per month, add MailGuard's cloud-based email and web filtering solution to your business security. You’ll significantly reduce the risk of new variants of malicious email from entering your network.
Keep up to date on the latest email scams by subscribing to MailGuard’s weekly update or follow us on social media.
