Payment advice email is actually a phishing scam

Posted by Akankasha Dewan on 21 June 2019 10:45:00 AEST

A new phishing email scam has been intercepted by MailGuard, this time masquerading as payment advice.

First detected around noon on Monday, the 17th of June 2019 (AEST), the phishing email was sent via multiple compromised senders. It used a display name of ‘Payment Advice’, along with a reference number.

The email presented itself as a payment receipt for a payment made through Envision Credit Union. It advised recipients to open an attachment (a .doc file).

Here is a screenshot of the email:

Excel social

Unsuspecting recipients who download and open the attached document are asked to click on a link which redirects to a fake blurred Excel document and a login form:

Here’s a screenshot of the form:

Mcafee form

As you can see from the screenshot above, the login form asks for users’ Office 365 email credentials.

Once their credentials are inserted, users are redirected to a Google Drive hosted page that simulates an error: "File truncate error (401)".

While the email in itself is a plain-text one and isn’t exactly sophisticated in design, cybercriminals have included several elements in the scam in order to boost its legitimacy.

The first is the inclusion of a reference number and beneficiary details – information normally associated with any official notification of a payment receipt. Including such details boosts the authenticity of the email as it makes the payment receipt seem more credible. The second element used is the incorporation of the "McAfee Secure" logo in the login form – a sign which is, ironically, usually used to assure users of the safety of the document/page in question.

Whilst MailGuard is stopping this email scam from reaching end-users and businesses, we encourage all email users to be extra vigilant against this kind of email and whatever happens, do not open or click them.

Phishing continues to be one of the most prevalent forms of cyber-crime. The vast majority of online scams - more than 90% - are perpetrated using email, so it’s wise to always be sceptical of messages from unfamiliar senders asking you to log into your accounts.

What to look out for

As a precaution, avoid clicking links in emails that:

  • Are not addressed to you by name, have poor English or omit personal details that a legitimate sender would include.
  • Are from businesses you’re not expecting to hear from.
  • Ask you to download any files.
  • Take you to a landing page or website that does not have the legitimate URL of the company the email is purporting to be sent from.

One email

Cybercriminals use email scams to infiltrate organisations with malware and attack them from the inside. All criminals need to break into your business is a cleverly worded message. If they can trick one person in your company into clicking on a malicious link they can gain access to your data.

For a few dollars per staff member per month, you can protect your business with MailGuard's predictive email security.


Talk to an expert at MailGuard today about making your company's network secure: click here.

Stay up-to-date with new posts on the MailGuard Blog by subscribing to free updates. Click on the button below:

Keep Informed with Weekly Updates



Topics: Phishing Zenith Bank

Back to Blog


Something Powerful

Tell The Reader More

The headline and subheader tells us what you're offering, and the form header closes the deal. Over here you can explain why your offer is so great it's worth filling out a form for.


  • Bullets are great
  • For spelling out benefits and
  • Turning visitors into leads.

Recent Posts

Posts by Topic

see all