{"id":2016,"date":"2019-04-06T19:33:53","date_gmt":"2019-04-06T19:33:53","guid":{"rendered":"http:\/\/www.syyhoaxanalyzer.com\/?p=2016"},"modified":"-0001-11-30T00:00:00","modified_gmt":"-0001-11-29T17:00:00","slug":"HSBC-'Payment-Advice'-Malware-Email","status":"publish","type":"post","link":"https:\/\/www.syyhoaxanalyzer.com\/?p=2016","title":{"rendered":"HSBC &#8216;Payment Advice&#8217; Malware Email"},"content":{"rendered":"<div>\n<p>This email purports to be a payment advice from Global Payments and Cash Management at HSBC. The &#8216;auto-generated&#8217; email suggests that you open an attached file \u00a0to view the payment advice document. \u00a0 <\/p>\n<p><script async src=\"\/\/pagead2.googlesyndication.com\/pagead\/js\/adsbygoogle.js\"><\/script><br \/>\n<!-- HS Net Top Content Responsive --><br \/>\n<ins class=\"adsbygoogle\"\n     style=\"display:block\"\n     data-ad-client=\"ca-pub-0355887770822260\"\n     data-ad-slot=\"4870821038\"\n     data-ad-format=\"auto\"><\/ins><br \/>\n<script>\n(adsbygoogle = window.adsbygoogle || []).push({});\n<\/script><\/p>\n<p>However, the email is not from HSBC and the attachment does not contain a payment advice document.<\/p>\n<p>If you open \u00a0the attached \u00a0Microsoft Word File, you will be prompted to enable macros, ostensibly as a security measure. \u00a0 If you do allow macros, a malicious macro will run in the background. The macro will download and install malware on your computer.<\/p>\n<hr \/>\n<style>\n\t\t\t\t\t#wpsm_accordion_19216 .wpsm_panel-heading{\npadding:0px !important;\n}\n#wpsm_accordion_19216 .wpsm_panel-title {\nmargin:0px !important; \ntext-transform:none !important;\nline-height: 1 !important;\n}\n#wpsm_accordion_19216 .wpsm_panel-title a{\ntext-decoration:none;\ncolor:#000000 !important;\nfont-size:18px !important;\ndisplay:block;\npadding:0px;\nfont-family: Open Sans !important;\npadding-top: 10px;\npadding-bottom: 10px;\nborder-bottom:1px solid  #ddd !important;<\/p>\n<p>}\n#wpsm_accordion_19216 .wpsm_panel-title a:hover,#wpsm_accordion_19216 .wpsm_panel-title a:visited, #wpsm_accordion_19216 .wpsm_panel-title a:focus {\n\tcolor:#000000 !important;\n}\n#wpsm_accordion_19216 .acc-a{\n\tcolor: #000000 !important;\n\tbackground-color:#7dcec9 !important;\n\tborder-color: #ddd;\n}\n#wpsm_accordion_19216 .wpsm_panel-default > .wpsm_panel-heading{\n\tcolor: #000000 !important;\n\tbackground-color: #7dcec9 !important;\n\tborder-color: #7dcec9 !important;\n\tborder-top-left-radius: 0px;\n\tborder-top-right-radius: 0px;\n}\n#wpsm_accordion_19216 .wpsm_panel-default {\n\t\tborder:0px solid transparent !important;\n\t}\n#wpsm_accordion_19216 {\n\tmargin-bottom: 20px;\n\toverflow: hidden;\n\tfloat: left;\n\twidth: 100%;\n\tdisplay: block;\n}\n#wpsm_accordion_19216 .ac_title_class{\n\tdisplay: inline-block;\n    padding-top: 5px;\n    padding-bottom: 5px;\n    padding-left: 13px;\n    padding-right: 10px;\n    border: 0px solid #ddd;\n\tfont-size:18px !important;\nfont-family: Open Sans !important;<\/p>\n<p>}\n#wpsm_accordion_19216  .wpsm_panel {\n\toverflow:hidden;\n\t-webkit-box-shadow: 0 0px 0px rgba(0, 0, 0, .05);\n\tbox-shadow: 0 0px 0px rgba(0, 0, 0, .05);<\/p>\n<p>\t\tborder-radius: 4px;\n\t}\n#wpsm_accordion_19216  .wpsm_panel + .wpsm_panel {\n\t\tmargin-top: 0px;\n\t}\n#wpsm_accordion_19216  .wpsm_panel-body{\nbackground-color:#e2e2e2 !important;\ncolor:#000000 !important;\nborder-top-color: #7dcec9 !important;\nfont-size:16px !important;\nfont-family: Open Sans !important;\noverflow: hidden;<\/p>\n<p>border: 0px solid #ddd !important;<\/p>\n<p>border-top:0px !important;\n}<\/p>\n<p>#wpsm_accordion_19216 .ac_open_cl_icon{\n\tbackground-color:#dd3333;\n\tcolor: #ffffff;<\/p>\n<p>     padding-top: 5px; \n     padding-bottom: 5px; \n\t margin-left:10px;\n    line-height: 1.0;\n    font-size:18px !important;\ntext-align: center !important;\n     width: 32px !important;\n    display: inline-block;<\/p>\n<p>}\n#wpsm_accordion_19216 .ac_open_cl_number{\n width: 25px !important;\n    display: inline-block;\n\t margin-left:10px;\n\t text-align: center !important;\n\t font-size:18px !important;<\/p>\n<p>}<\/p>\n<p>\t\t\t #wpsm_accordion_19216 .wpsm_panel-heading {\n\t\t\t\tbackground-image: url(https:\/\/www.hoax-slayer.net\/wp-content\/plugins\/faq-responsive\/assets\/images\/style-soft.png);\n\t\t\t\tbackground-position: 0 0;\n\t\t\t\tbackground-repeat: repeat-x;\n\t\t\t}\n\t\t\t#wpsm_accordion_19216 .ac_open_cl_icon{\n\t\t\t\tbackground-image: url(https:\/\/www.hoax-slayer.net\/wp-content\/plugins\/faq-responsive\/assets\/images\/style-soft.png);\n\t\t\t\tbackground-position: 0 0;\n\t\t\t\tbackground-repeat: repeat-x;\n\t\t\t}<\/p>\n<\/style>\n<div class=\"wpsm_panel-group\" id=\"wpsm_accordion_19216\" >\n<p>\t\t\t\t  <!-- Inner panel Start --><\/p>\n<div class=\"wpsm_panel wpsm_panel-default\">\n<div class=\"wpsm_panel-heading\" role=\"tab\" >\n<h4 class=\"wpsm_panel-title\">\n\t\t\t\t\t\t<a  class=\"\"  data-toggle=\"collapse\" data-parent=\"#wpsm_accordion_19216 \" href=\"#ac_19216_collapse1\"  ><br \/>\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<span class=\"ac_title_class\"><br \/>\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<span style=\"margin-right:6px;\" class=\"fa fa-lightbulb-o\"><\/span><br \/>\n\t\t\t\t\t\t\t\tToggle to read more about macros\t\t\t\t\t\t\t<\/span><br \/>\n\t\t\t\t\t\t<\/a><br \/>\n\t\t\t\t\t  <\/h4>\n<\/p><\/div>\n<div id=\"ac_19216_collapse1\" class=\"wpsm_panel-collapse collapse_19216 collapse \"  >\n<div class=\"wpsm_panel-body\">\n<div class=\"indentPara\">For those that may not be aware, a macro is a set of commands and instructions that can be collected as a single command in order to quickly and automatically accomplish a task.<\/p>\n<p>Complex macros can be created using VBA (Visual Basic for Applications) and can be very helpful in some workflows.<\/p>\n<p>But malicious VBA macros can also be created and distributed. In years gone by, macro viruses were common computer security threats. But, for the last several years, they have been much less significant due to the fact that later versions of Microsoft Office disabled macros by default and implemented other security measures.<\/p>\n<p>However, criminals have apparently realized that many computer users will have forgotten about or have no knowledge of macro threats. Thus, \u00a0<a title=\"Remember macro viruses? Infected Word and Excel files? They're back...\" href=\"http:\/\/nakedsecurity.sophos.com\/2014\/07\/07\/remember-macro-viruses-infected-word-and-excel-files-theyre-back\/\">malicious macros are again being used<\/a> \u00a0to spread malware. \u00a0<\/p>\n<p>In modern incarnations of the threat, criminals do not try to subvert in-built security systems but use simple social engineering techniques to get users to allow the macros to run. The criminals rely on the curiosity of recipients who may proceed without due caution in the hope of finally viewing the promised document content.<\/p>\n<p>Unless you have a compelling reason, you would be best to leave macros disabled by default. And do not believe any message that claims that you must enable macros to view or interact with Microsoft Office documents.\t\t\t\t\t  <\/p><\/div>\n<\/p><\/div>\n<\/p><\/div>\n<p>\t\t\t\t   <!-- Inner panel End --><\/p><\/div>\n<p>\t\t\t\t<script>\n\tjQuery(document).ready(function() {<\/p>\n<p>\t\t\tjQuery('.collapse_19216').on('shown.bs.collapse', function(){jQuery(this).parent().find(\".fa-plus\").removeClass(\"fa-minus\").addClass(\"fa-minus\"); jQuery(this).parent().find(\".wpsm_panel-heading\").addClass(\"acc-a\"); }).on('hidden.bs.collapse', function(){jQuery(this).parent().find(\".fa-minus\").removeClass(\"fa-minus\").addClass(\"fa-plus\"); jQuery(this).parent().find(\".wpsm_panel-heading\").removeClass(\"acc-a\");});<\/p>\n<p>\t\t});\n\t<\/script><\/p>\n<p>The exact nature of this malware may vary. Often, it will be ransomware that will lock up your computer files and then demand that you pay a fee to online criminals to receive the code to unlock them.<\/p>\n<p>In other cases, the malware may be designed to steal sensitive information such as your banking login credentials.<\/p>\n<p>Apparently, in an effort to make the email seem more legitimate, the scammers have &#8211; rather ironically &#8211; included some handy computer security tips. They have also tacked on a generic confidentiality clause.<\/p>\n<p>Details may vary in \u00a0<a title=\"Payment Advice - Advice Ref:[...] \/ Priority payment \/ Customer Ref:[...] - Virus\" href=\"https:\/\/techhelplist.com\/index.php\/spam-list\/388-payment-advice-advice-ref-priority-payment-customer-ref-virus\">different versions of these emails<\/a>. Some versions may include the malware on a compromised website rather than in an attached file.<\/p>\n<p>Be wary of any unsolicited email that claims to contain a payment advice, receipt, or invoice, accessed via a link or attached file. This is a \u00a0favoured method of distributing malware.<\/p>\n<p><script async src=\"\/\/pagead2.googlesyndication.com\/pagead\/js\/adsbygoogle.js\"><\/script><br \/>\n<ins class=\"adsbygoogle\"\n     style=\"display:block; text-align:center;\"\n     data-ad-format=\"fluid\"\n     data-ad-layout=\"in-article\"\n     data-ad-client=\"ca-pub-0355887770822260\"\n     data-ad-slot=\"9162856233\"><\/ins><br \/>\n<script>\n     (adsbygoogle = window.adsbygoogle || []).push({});\n<\/script><\/p>\n<h3 class=\"noMargin\">Example<\/h3>\n<div class=\"example\">\n<p><strong>Subject: \u00a0Payment Advice &#8211; Advice Ref:[G52499395560] \/ ACH credits \/ Customer Ref:[TH20170517140612367BND] \/ Second Party Ref:[]<\/strong><\/p>\n<p>Dear Sir\/Madam,<\/p>\n<p>The attached \u00a0<span class=\"il\">payment<\/span> \u00a0<span class=\"il\">advice<\/span> \u00a0is issued at the request of our customer. The \u00a0<span class=\"il\">advice<\/span> \u00a0is for your reference only.<\/p>\n<p>Yours faithfully,<br \/>\nGlobal Payments and Cash Management<br \/>\n<span class=\"il\">HSBC<\/span><\/p>\n<p>***************************************************************************<\/p>\n<p>This is an auto-generated email, please DO NOT REPLY. Any replies to this email will be disregarded.<\/p>\n<p>***************************************************************************<\/p>\n<p>Security tips<\/p>\n<p>1. Install virus detection software and personal firewall on your computer. This software needs to be updated regularly to ensure you have the latest protection.<br \/>\n2. To prevent viruses or other unwanted problems, do not open attachments from unknown or non-trustworthy sources.<br \/>\n3. If you discover any unusual activity, please contact the remitter of this payment as soon as possible.<\/p>\n<p>*******************************************************************<br \/>\nThis e-mail is confidential. It may also be legally privileged. If you are not the addressee you may not copy, forward, disclose or use any part of it. If you have received this message in error, please delete it and all copies from your system and notify the sender immediately by return e-mail.<\/p>\n<p>Internet communications cannot be guaranteed to be timely, secure, error or virus-free. The sender does not accept liability<br \/>\nfor any errors or omissions.<\/p>\n<p>*******************************************************************<br \/>\n&#8220;SAVE PAPER &#8211; THINK BEFORE YOU PRINT!&#8221;<\/p>\n<p><em>Attached file: Payment Advice.doc<\/em><\/p>\n<\/div>\n<p><script async src=\"\/\/pagead2.googlesyndication.com\/pagead\/js\/adsbygoogle.js\"><\/script><br \/>\n<!-- Third Content Ad Responsive --><br \/>\n<ins class=\"adsbygoogle\"\n     style=\"display:block\"\n     data-ad-client=\"ca-pub-0355887770822260\"\n     data-ad-slot=\"1909104632\"\n     data-ad-format=\"auto\"><\/ins><br \/>\n<script>\n(adsbygoogle = window.adsbygoogle || []).push({});\n<\/script><\/p>\n<div align=\"center\"><script async src=\"\/\/pagead2.googlesyndication.com\/pagead\/js\/adsbygoogle.js\"><\/script><br \/>\n<!-- HS Net Bottom AdLinks --><br \/>\n<ins class=\"adsbygoogle\" style=\"display: block;\" data-ad-client=\"ca-pub-0355887770822260\" data-ad-slot=\"1358951439\" data-ad-format=\"link\"><\/ins><br \/>\n<script>\n(adsbygoogle = window.adsbygoogle || []).push({});\n<\/script><\/div>\n<p>&nbsp;<\/p>\n<p><\/br><\/br> Original Source : <a href=\"https:\/\/www.hoax-slayer.net\/hsbc-payment-advice-malware-email\/\" target=\"_blank\">https:\/\/www.hoax-slayer.net\/hsbc-payment-advice-malware-email\/<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>This email purports to be a payment advice from Global Payments and Cash Management at HSBC. The &#8216;auto-generated&#8217; email suggests that you open an attached file \u00a0to view the payment advice document. \u00a0 However, the email is not from HSBC and the attachment does not contain a payment advice document. If you open \u00a0the attached [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":6890,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[],"class_list":["post-2016","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-hoax-inggris"],"_links":{"self":[{"href":"https:\/\/www.syyhoaxanalyzer.com\/index.php?rest_route=\/wp\/v2\/posts\/2016"}],"collection":[{"href":"https:\/\/www.syyhoaxanalyzer.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.syyhoaxanalyzer.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.syyhoaxanalyzer.com\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.syyhoaxanalyzer.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=2016"}],"version-history":[{"count":0,"href":"https:\/\/www.syyhoaxanalyzer.com\/index.php?rest_route=\/wp\/v2\/posts\/2016\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.syyhoaxanalyzer.com\/index.php?rest_route=\/wp\/v2\/media\/6890"}],"wp:attachment":[{"href":"https:\/\/www.syyhoaxanalyzer.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=2016"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.syyhoaxanalyzer.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=2016"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.syyhoaxanalyzer.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=2016"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}