Home Malware HSBC ‘Payment Advice’ Malware Email

HSBC ‘Payment Advice’ Malware Email

by Brett M. Christensen

This email purports to be a payment advice from Global Payments and Cash Management at HSBC. The ‘auto-generated’ email suggests that you open an attached file to view the payment advice document. 

However, the email is not from HSBC and the attachment does not contain a payment advice document.

If you open the attached Microsoft Word File, you will be prompted to enable macros, ostensibly as a security measure.  If you do allow macros, a malicious macro will run in the background. The macro will download and install malware on your computer.

The exact nature of this malware may vary. Often, it will be ransomware that will lock up your computer files and then demand that you pay a fee to online criminals to receive the code to unlock them.

In other cases, the malware may be designed to steal sensitive information such as your banking login credentials.

Apparently, in an effort to make the email seem more legitimate, the scammers have – rather ironically – included some handy computer security tips. They have also tacked on a generic confidentiality clause.

Details may vary in different versions of these emails. Some versions may include the malware on a compromised website rather than in an attached file.

Be wary of any unsolicited email that claims to contain a payment advice, receipt, or invoice, accessed via a link or attached file. This is a favoured method of distributing malware.


Subject: Payment Advice – Advice Ref:[G52499395560] / ACH credits / Customer Ref:[TH20170517140612367BND] / Second Party Ref:[]

Dear Sir/Madam,

The attached payment advice is issued at the request of our customer. The advice is for your reference only.

Yours faithfully,
Global Payments and Cash Management


This is an auto-generated email, please DO NOT REPLY. Any replies to this email will be disregarded.


Security tips

1. Install virus detection software and personal firewall on your computer. This software needs to be updated regularly to ensure you have the latest protection.
2. To prevent viruses or other unwanted problems, do not open attachments from unknown or non-trustworthy sources.
3. If you discover any unusual activity, please contact the remitter of this payment as soon as possible.

This e-mail is confidential. It may also be legally privileged. If you are not the addressee you may not copy, forward, disclose or use any part of it. If you have received this message in error, please delete it and all copies from your system and notify the sender immediately by return e-mail.

Internet communications cannot be guaranteed to be timely, secure, error or virus-free. The sender does not accept liability
for any errors or omissions.


Attached file: Payment Advice.doc


Since you’ve read this far…

…can I ask you for a big favour?

To enhance your privacy and security and offer you a better user experience, Hoax-Slayer is now ad-free. To keep the site online, I now rely on voluntary contributions from site visitors along with commissions from a few trusted products and services that I promote via reviews on the site.

If you found the above report useful, please consider supporting Hoax-Slayer by making a donation. Any amount you can give will be greatly appreciated.

You can donate using your credit card via the form below. Donations are collected securely via the online payment service Stripe. Stripe uses state of the art security to keep your data safe.

Brett Christensen