Cyber criminals emailing fake HKMA invoices

Opening email attachment activates Trojan malware.

Cyber security experts warn cybercriminals are using fake Hong Kong Monetary Authority invoices to distribute malware. The emails carry the name, “Invoice #3404196-Remit File,” and read something like this:

“The following is issued on behalf of the Hong Kong Monetary Authority. Attached is the invoice (Invoice_3604196.zip) received from your bank. Please print this label and fill in the requested information. Once you have filled out all the information on the form please send it to [email protected]”

Security firm MX Lab said the emails have nothing to do with the HKMA. Instead, the fake invoice is a Trojan downloader that retrieves other malicious elements onto the compromised computer.

In case you come across such an email, ignore it. If you’ve already opened the attachment, scan your computer with an antivirus program.

Scam notifications that leverage the name of the Hong Kong Monetary Authority can be reported to [email protected].