Users are advised to be on the lookout for fake emails that purport to carry a payment slip. The scam notifications are part of a cybercriminal campaign designed to distribute malware.
Cisco's Security Intelligence Operation detected a significant volume of these scam emails on October 1. However, the company issued a second warning on October 9.
One version of the email comes with an attachment (Bank Slip.rar) that contains a malicious .scr file. When it’s executed, the victim’s computer becomes infected. A second variant of the bogus notification has a different body and it carries a malicious executable inside a .zip archive.
Here’s what the emails look like. If you come across them in your inbox, delete them immediately.
Variant 1. “Payment Slip”
“Dear Sir /Madam How are you? Thanks for your e-mail, Attachment is the payment slip. i wait your confirmation. Best regards Smith.”
Variant 2.
“Dear Sir/Madam, The attached payment advice is issued at the request of our customer. The advice is for your reference only. Yours faithfully, Global Payments and Cash Management HSBC”