This ‘Remittance Advice’ email may be costlier than you think

Posted by Akankasha Dewan on 30 August 2019 14:01:44 AEST

As cybercrime evolves and as cybercriminals become more innovative in the way they infiltrate cyber systems, it has become even more critical for users to be vigilant when they are online.

MailGuard’s detection of a new payload email scam is a good reminder of how one can never be too careful when accessing emails.

The malicious email was first detected on Monday, the 26th of August morning (AEST).  

Using a display name of ‘Accounts Payable’, the email masquerades as a notification announcing the arrival of a Remittance Advice. MailGuard understands the email actually originates from a few different compromised email address that were used to send the messages over a time window of several hours.

The email is titled ‘Separate Remittance Advice: paper document’. However, in the body of the email the remittance advice is included as an image resembling a PDF document. It informs recipients that payment has been made on their behalf ‘for the following invoice(s). Recipients are directed to contact the ‘AP email’ if they have any inquiries on the remittance advice.

Here is a screenshot of the email:

AP email


MailGuard understands that unsuspecting recipients who click on the PDF are directed to a URL that downloads a very suspicious .JAR file, designed to execute the malicious payload when opened.

Whilst MailGuard is stopping this email scam from reaching Australian businesses, we encourage all users to be extra vigilant against this kind of email and whatever happens, do not respond to it.

This email scam is a good reminder of how innocent-looking, plain emails can, in fact, be malicious, despite where they purport to be from. As simple as they may seem, these attacks are happening all too regularly, and with devastating effect. Unsuspecting employees who click on any of the links above or download any content can inflict significant financial and reputational damage on an organisation.

MailGuard urges all cyber users to be vigilant when accessing their emails, and look out for tell-tale signs of malicious emails:

Tell-tale signs of email scams

  • Do not address recipients directly (e.g. “Dear customer”)
  • Bad grammar or misuse of punctuation and poor-quality or distorted graphics
  • An instruction to click a link to perform an action (hover over them to see where you’re really being directed)
  • Obscure sending addresses (for example, Hotmail, gmail, Yahoo addresses should set alarms bells ringing)

Don't get scammed

If your company’s email accounts aren’t protected, emails like the one above are almost certainly being received by your staff.  Cybercriminals know people can be tricked; that’s why they send out millions of scam messages and put so much effort into making them look convincing.

People are not machines; we're all capable of making bad judgement calls. Without email filtering protecting your business, it’s just a matter of time before someone in your organisation has a momentary lapse of judgement and clicks on the wrong thing.

For a few dollars per staff member per month, you can protect your business with MailGuard's predictive email security.

Talk to an expert at MailGuard today about making your company's network secure: click here.

Stay up-to-date with new posts on the MailGuard Blog by subscribing to free updates. Click on the button below:

Keep Informed with Weekly Updates



Topics: Xero

Back to Blog


Something Powerful

Tell The Reader More

The headline and subheader tells us what you're offering, and the form header closes the deal. Over here you can explain why your offer is so great it's worth filling out a form for.


  • Bullets are great
  • For spelling out benefits and
  • Turning visitors into leads.

Recent Posts

Posts by Topic

see all