A new email scam has been circulating users’ inboxes, asking recipients to review their payment and confirm it on the document attached, Hoax-Slayer reported.

The payment slip attached to the email is an executable file that once opened, installs a malicious code on the user’s computer. The message pretends to be a reply to an email the recipient has already sent, and it encourages them to open the attached file, so they can view the payment document.

The email also suggests that “Smith” (supposedly the sender) is waiting for the payment confirmation. Nevertheless, this message is not a reply to any email the recipient has previously sent, as the message implies, and has nothing to do with payments the user has made. However, the attachment does not actually contain any payment documents; instead it contains a .rar file with a malicious code.

Usually, such scams can create connections with servers remotely run by cybercriminals, and they can then collect and transfer sensitive information they have harvested from the computer, as well as being able to download more malicious files.

With this campaign, cybercriminals hope that at least a few users will open the attached .rar file to find out what this payment is for. So, users should be cautious with any emails that seem to be illegitimate and asks them to open attached files or click on links for further details. This is one of the most common methods of spreading malicious files.