Recently, there has been an increase in malicious e-mails with PDF attachments explaining the benefits of using GPI CODE. These emails are targeting corporate sector (mainly small institutions which are not connected to SWIFT) and banks. These e-mails usually come from senders who represent small companies that offer an interesting business proposal if the recipient can do business using a “GPI CODE”. To make the emails appear legitimate, the emails contain operating procedures and documentation attached as files. Attached below are the screenshots.