14 DAY TRIAL // Experts warn that cybercriminals are using fake Hong Kong Monetary Authority invoices to distribute a piece of malware.
The emails are entitled “Invoice #3404196 – Remit File” and they read something like this:
“The following is issued on behalf of the Hong Kong Monetary Authority. Attached is the invoice (Invoice_3604196.zip) received from your bank. Please print this label and fill in the requested information. Once you have filled out all the information on the form please send it to [email protected]”
According to researchers from MX Lab, the emails have nothing to do with the Hong Kong Monetary Authority. Instead, the so-called invoice is a Trojan downloader that retrieves other malicious elements onto the compromised computer.
In case you come across such an email, ignore it. If you’ve already opened the attachment, scan your computer with an antivirus program. Scam notifications that leverage the name of the Hong Kong Monetary Authority can be reported to hkma (at) hkma (dot) gov (dot) hk.
The Hong Kong Monetary Authority is aware of such scams. The organization has published a security information page to warn users of fake websites and emails.