Protect Yourself from the "Payment Available" phishing email scam


Expecting a payment? Phishing attacks like this "Payment Available"/"New Remittance Documents Received" email exploit a common business context to appear more convincing. The mention of an available payment can trigger a sense of urgency and excitement, causing recipients to lower their guard and fall for the trap. This type of attack is especially dangerous for businesses because it can lead to sensitive financial information being compromised, putting their operations and finances at risk.

The email claims that there is a payment available and new remittance documents that the recipient can access by clicking on a "Review Documents" link. However, this email is nothing more than a cleverly disguised attempt to steal personal information and compromise security.

Phishing email attempting to steal personal information and compromise security

The first red flag of this phishing email is the sender's address. The sender's name, "Chris Hudson", does not match the email address, which belongs to a free email service (@icloud.com). Secondly, the email is vague and does not specify which service or person it is from. This lack of specificity is a common tactic used by phishing emails to evade detection.

The "Review Documents" link leads to an unrelated website that does not make sense in the context of the email. This website attempts to evoke curiosity by mentioning an available payment and asks the visitor to "Download Remittance". Clicking on the download prompt then leads to another malicious website, this time containing a credential harvester.
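The red flags described above can be checked automatically when triaging reported mail. The following is an added example, not code from the original article: the sample message is constructed (the address local part and link host are placeholders), and the free-mail list and `red_flags` helper are assumptions made for illustration.

```python
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumption: a short illustrative list of free webmail domains; extend for real use.
FREE_MAIL = {"icloud.com", "gmail.com", "outlook.com", "yahoo.com"}

# Constructed sample modelled on the email described above (placeholder address and link).
SAMPLE = """\
From: Chris Hudson <sender@icloud.com>
Subject: Payment Available
Content-Type: text/html; charset="utf-8"

<p>New Remittance Documents Received.</p>
<a href="https://unrelated-site.example/docs">Review Documents</a>
"""

class LinkCollector(HTMLParser):  # collects (href, visible text) pairs from <a> tags
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href"), []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def red_flags(raw):
    """Return human-readable warnings for the sender and link checks in the article."""
    msg = message_from_string(raw)
    name, addr = parseaddr(msg.get("From", ""))
    local, _, domain = addr.lower().rpartition("@")
    flags = []
    if domain in FREE_MAIL:
        flags.append(f"business payment notice sent from free mail domain {domain}")
    if name and not any(part.lower() in local for part in name.split()):
        flags.append(f"display name {name!r} does not match address {addr}")
    collector = LinkCollector()
    collector.feed(msg.get_payload())
    for href, text in collector.links:
        host = (urlparse(href).hostname or "").lower()
        if host and host != domain and not host.endswith("." + domain):
            flags.append(f"link {text!r} points to {host}, unrelated to sender domain")
    return flags
```

These are triage heuristics: a flagged message still needs human review, and an unflagged one is not proven safe.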

Off the hook

To stay safe from similar phishing attacks, it is important to be vigilant and cautious. Always check the sender's address and whether it makes sense in the context of the email. Additionally, hover over links before clicking on them to see where they lead. If in doubt, it's always better to manually navigate to the website of a service, instead of clicking on links in emails.
