HSBC customers, and online banking users in general, are targets of phishing and online banking scams always. The spammed message we have seen targeting HSBC users poses as a reply to a supposedly earlier mail request from the recipient. The payment advice that is being referred to in the mail is an attachment, which Trend Micro detects as TROJ_UPATRE.YYSK.
Extracting the attachment leads the unsuspecting user to a file named CashPro, which looks like a PDF file. However, upon further checking, the attachment is actually the UPATRE malware. UPATRE is known to gather computer information. It is also known to download/be distributed with information theft malware such as ZBOT and DYRE.
Trend Micro products effectively blocks this malicious spam and its attachment.