Email containing ‘payment advice note’ delivers malicious payload

Posted by Akankasha Dewan on 11 March 2020 11:51:13 AEDT

Users are advised to be wary of an email masquerading as a ‘payment advice note’. Using a display name of ‘Accounts’, the email is in plain-text and contains no links. It is titled ‘payment advice note from 03.09.2020’.

The message body is short, and contains a paragraph informing users that ‘this email and any files transmitted with it are confidential and intended solely for the use of the individual’. A footer is also inserted at the bottom of the email that claims the email is sent ‘on behalf of Adams Morey Ltd.’ A file is attached containing the ‘pdf’ symbol.

Here is a screenshot of the email:

1103_Accounts scam final

Clicking on the file results in a direct download of a malicious .JAR file that is designed to infect systems. At the time of writing the file had been taken down.

The email originates from multiple compromised email addresses that cybercriminals have used to launch the attack. Subtle attacks like these are becoming increasingly prevalent, as cybercriminals seek to avoid traditional email filters, and to prey on the curiosity and good will of email users. In this particular case, the email body doesn’t contain any external links and is relatively short – all techniques used to avoid detection by email filters. In addition, the email purports to be from 'Accounts' because receiving a 'payment advice note' from this division isn't likely to be suspicious. This further serves to convince users that this email is a legitimate notification. 

Despite these techniques, the email contain multiple red flags that point to its legitimacy. These include the fact that the recipient isn’t addressed directly within the message body and that it contains multiple spacing and grammatical errors.

A simple, common sense way to spot a scam is to ask yourself if you know the sender, or if you should reasonably expect to receive an email from them. If not, or if you’re in doubt, don’t open it and don’t reply. Always exercise caution when opening any email.  

As a precaution, MailGuard urges you not to click links within emails that:

  • Are not addressed to you by name.
  • Appear to be from a legitimate company but use poor English, or omit personal details that a legitimate sender would include.
  • Are from businesses that you were not expecting to hear from.
  • Take you to a landing page or website that is not the legitimate URL of the company the email is purporting to be sent from. 

Don't get scammed

If your company’s email accounts aren’t protected, emails like the one above are almost certainly being received by your staff. Cybercriminals know people can be tricked; that’s why they send out millions of scam messages and put so much effort into making them look convincing.

People are not machines; we're all capable of making bad judgement calls. Without email filtering protecting your business, it’s just a matter of time before someone in your organisation has a momentary lapse of judgement and clicks on the wrong thing.

One email is all that it takes

All that it takes to break into your business is a cleverly-worded email message. If scammers can trick one person in your company into clicking on a malicious link they can gain access to your data.

For a few dollars per staff member per month, you can protect your business with MailGuard's predictive and advanced email security.

Talk to a solution consultant at MailGuard today about securing your company's network.

Why not stay up-to-date with MailGuard's latest blog posts by subscribing to free updates? Subscribe to weekly updates by clicking on the button below.

Keep Informed with Weekly Updates



Topics: email scams fraud fastbreak

Back to Blog


Something Powerful

Tell The Reader More

The headline and subheader tells us what you're offering, and the form header closes the deal. Over here you can explain why your offer is so great it's worth filling out a form for.


  • Bullets are great
  • For spelling out benefits and
  • Turning visitors into leads.

Recent Posts

Posts by Topic

see all