Debunking hoaxes and exposing scams since 2003!

Jump To: Example    Comments   References

HSBC 'Payment Advice' Malware Email

Jump To: Example    Comments   References

This email purports to be a payment advice from Global Payments and Cash Management at HSBC. The 'auto generated' email suggests that you click a link to download the payment advice document from the server.

However, the email is not from HSBC and the link does not download a payment advice document.

Following the link will take you to a compromised website that automatically checks that your computer's operating system and browser are ones that can be exploited by the malware payload. If your computer passes the test - that is, you are using Windows and Internet Explorer - a .zip file may then be downloaded.

The .zip file contains a .exe file malware payload. Once installed, the malware may download even more malware, steal information from the infected computer, and allow criminals to control the computer for their own purposes.

If you use a different type of browser or operating system, clicking the link may simply open a blank page or produce a 'Page Under Construction' message.

Apparently in an effort to make the email seem more legitimate, the scammers have - rather ironically - included some handy computer security tips. They have also tacked on a generic confidentiality clause.

Details may vary in different versions of these emails. Some versions may include the malware in an attached file rather than on a compromised website.

Be wary of any unsolicited email that claims to contain a payment advice, receipt, or invoice, accessed via a link or attached file. This is a favoured method of distributing malware.



Bookmark and Share


Subject: Payment Advice - Advice Ref:[GB405620] / CHAPS credits


Please download document from server, payment advice is issued at the request of our customer. The advice is for your reference only.

Download link:

[Link removed]

Yours faithfully,
Global Payments and Cash Management



This is an auto-generated email, please DO NOT REPLY. Any replies to this email will be disregarded.


Security tips

1. Install virus detection software and personal firewall on your computer. This software needs to be updated regularly to ensure you have the latest protection.
2. To prevent viruses or other unwanted problems, do not open attachments from unknown or non-trustworthy sources.
3. If you discover any unusual activity, please contact the remitter of this payment as soon as possible.

This e-mail is confidential. It may also be legally privileged. If you are not the addressee you may not copy, forward, disclose
or use any part of it. If you have received this message in error, please delete it and all copies from your system and notify the
sender immediately by return e-mail.

Internet communications cannot be guaranteed to be timely, secure, error or virus-free. The sender does not accept liability
for any errors or omissions.


Beware Malware

Last updated: August 21, 2015
First published: April 23, 2015
By Brett M. Christensen
About Hoax-Slayer

Payment Advice - Advice Ref:[...] / Priority payment / Customer Ref:[...] - Virus
Malware Threat Articles