This email, which was supposedly sent by multinational investment bank HSBC, supposedly contains a payment advice in an attached file.
The email claims that the payment advice was issued at the request of a customer and is for your reference only.
However, the email is not from HSBC and does not contain a legitimate payment document.
It is a phishing scam designed to steal your email account login credentials.
Clicking on what at first glance appears to be a PDF attachment actually opens a malicious website. Once on the fake site, you will be asked to log in with your email address and email account password.
Criminals can collect the details you supply and use them to hijack your email account along with any linked services that have the same login credentials.
Once they have gained access to your account, the crooks can use your email service to distribute scam, spam, and malware in your name. They may also be able to access and steal private documents and images that you have in an online storage service attached to your account. And, they may be able to make fraudulent transactions via your account’s app store.
Email phishing scams take many forms. Stay vigilant. It is always safer to log in to your online account via a trusted app or by entering the address into your browser’s address bar rather than by clicking a link in an unsolicited email.
A screenshot of the scam email:
Transcript of the scam email:
Subject: Payment Advice – Advice Ref:[G30883305169] / ACH credits / Customer Ref:[70307USF02118100] / Second Party Ref:[500000030117]
HSBC Advising Service ofsrep.ceosmuigw@hsbc.com via ushadvisors.com
SWIFT #08452019.pdf
391 KB
1 attachments (total 75.1 KB)Dear Sir/Madam,
The attached payment advice is issued at the request of our customer. The advice is for your reference only.
Yours faithfully,
USA HSBC North America Holdings Inc.
****************************** ****************************** ***************This is an auto-generated email, please DO NOT REPLY. Any replies to this
email will be disregarded.****************************** ****************************** ***************
Security tips1. Install detection software and personal firewall on your computer. This software needs to be updated regularly to ensure you have the latest protection.
2. If you discover any unusual activity, please contact the remitter of this payment as soon as possible.
****************************** ****************************** ***************