How to recognize fake "Annual Financial Review Status" emails

What kind of email is "Annual Financial Review Status"?

Our inspection of the "Annual Financial Review Status" email revealed that it is spam. This message instructs the recipient to review the annual financial document to proceed with its finalization. The goal of this spam campaign is to deceive recipients into installing the ConnectWise ScreenConnect remote access software, thereby granting cyber criminals remote access to their devices.

"Annual Financial Review Status" email virus overview

The spam email with the subject "Q2 Annual Review Reminder" (may vary) informs that the annual financial document is going through its scheduled review. To proceed with the finalization, the recipient must review the document. It must be emphasized that the information in this email is false, and this mail is not associated with any genuine service providers or other entities.

After the "Review Document Now" button is clicked, it results in the installation of the legitimate ConnectWise ScreenConnect remote access software. It is not uncommon for criminals to abuse genuine remote desktop programs for nefarious activities. More information on how ScreenConnect is spread and utilized in spam campaigns can be found in our dedicated article, and more on the software itself can be found here.

Basically, this type of software allows cyber criminals to control devices remotely and remove genuine security programs, install malware, steal sensitive data, and so on. This malicious use of remote access tools creates a certain overlap with technical support scams, which are described in-depth in our dedicated article.

To summarize, by trusting an email like "Annual Financial Review Status" – users can experience multiple system infections, severe privacy issues, financial losses, and identity theft.

Malspam examples

We have written about countless spam campaigns; "Monthly e-Statement", "Your Statement Is Available For Review", and "Order Placement" are just a few of our latest articles on emails used to spread (malicious) software.

Spam mail is heavily utilized in malware proliferation. It is also used to facilitate various scams, including tech support, refund, phishing, sextortion, advance fee, etc.

Due to how prevalent spam mail is and how well-crafted it can be – we highly recommend exercising caution with incoming emails, DMs/PMs, SMSes, and other messages.

How do spam campaigns infect computers?

Malware and software used for malicious purposes are commonly spread through spam campaigns. These emails/messages include files as attachments or download links. Infectious files come in various formats, e.g., executables (EXE, RUN, etc.), archives (ZIP, RAR, etc.), documents (PDF, Microsoft Office, Microsoft OneNote, etc.), JavaScript, and so on.

Merely opening a malicious file can be enough to trigger the infection chain. However, some formats require additional interaction to begin downloading/installing malware. For example, Microsoft Office files need users to enable macro commands (i.e., content/editing), while OneNote documents require them to click on embedded links or files.

How to avoid installation of malware?

We strongly advise approaching incoming emails and other messages with caution. Attachments or links found in dubious/irrelevant mail must not be opened, as they can be harmful or virulent.

However, malware is spread using various methods. Therefore, we recommend being careful while browsing since fake and dangerous online content usually appears legitimate and innocuous.

Furthermore, all downloads must be made from official and verified channels. Another recommendation is to activate and update programs using functions/tools provided by genuine developers, as illegal software activation tools ("cracks") and third-party updates may contain malware.

We must stress the importance of having a reputable antivirus installed and kept updated. Security programs must be used to perform regular system scans and to remove threats and issues. If your computer is already infected, we recommend running a scan with Combo Cleaner Antivirus for Windows to automatically eliminate infiltrated threats.

Text presented in the "Annual Financial Review Status" spam email letter:

Subject: Q2 Annual Review Reminder

Annual Financial Review Status

Dear Client,

Your annual financial document is progressing through its scheduled review. Below is the current status:

1. Document Prepared
Completed on May 1, 2025

2. Awaiting Your Review
Action Required – Please Review

3. Finalization
To be completed after your input

Reference ID: FS-2025-XXXX

Review Document Now

To proceed with finalization, please complete your review at your earliest convenience.

Kind regards,
Financial Services Team

This is an automated notification. Please do not reply to this message.

Screenshot of the installation folder of ScreenConnect proliferated by this spam campaign:

Instant automatic malware removal:

Manual threat removal might be a lengthy and complicated process that requires advanced IT skills. Combo Cleaner is a professional automatic malware removal tool that is recommended to get rid of malware. Download it by clicking the button below:

By downloading any software listed on this website you agree to our Privacy Policy and Terms of Use. To use full-featured product, you have to purchase a license for Combo Cleaner. 7 days free trial available. Combo Cleaner is owned and operated by RCS LT, the parent company of PCRisk.com.

Quick menu:

• What is "Annual Financial Review Status"?
• STEP 1. Uninstall deceptive applications using Control Panel.
• STEP 2. Remove rogue extensions from Google Chrome.
• STEP 3. Remove potentially unwanted plug-ins from Mozilla Firefox.
• STEP 4. Remove rogue extensions from Safari.
• STEP 5. Remove rogue plug-ins from Microsoft Edge.

Removal of unwanted applications:

Windows 11 users:

Right-click on the Start icon, select Apps and Features. In the opened window search for the application you want to uninstall, after locating it, click on the three vertical dots and select Uninstall.

Windows 10 users:

Right-click in the lower left corner of the screen, in the Quick Access Menu select Control Panel. In the opened window choose Programs and Features.

Windows 7 users:

Click Start (Windows Logo at the bottom left corner of your desktop), choose Control Panel. Locate Programs and click Uninstall a program.

macOS (OSX) users:

Click Finder, in the opened screen select Applications. Drag the app from the Applications folder to the Trash (located in your Dock), then right click the Trash icon and select Empty Trash.

In the uninstall programs window, look for "ScreenConnect" and other suspicious/recently-installed applications, select these entries and click "Uninstall" or "Remove".

After uninstalling the potentially unwanted application, scan your computer for any remaining unwanted components or possible malware infections. To scan your computer, use recommended malware removal software.

Remove rogue extensions from Internet browsers:

At time of research, ScreenConnect did not install any unwanted browser extensions, however, some unwanted applications can be installed together with adware and browser hijackers. If you experience unwanted ads or redirects when browsing the Internet, continue with the removal guide below.

Video showing how to remove potentially unwanted browser add-ons:

Remove malicious extensions from Google Chrome:

Click the Chrome menu icon (at the top right corner of Google Chrome), select "More Tools" and click "Extensions". Locate all recently-installed suspicious extensions, select these entries and click "Remove".

Optional method:

If you continue to have problems with removal of the "annual financial review status" malspam, reset your Google Chrome browser settings. Click the Chrome menu icon  (at the top right corner of Google Chrome) and select Settings. Scroll down to the bottom of the screen. Click the Advanced… link.

After scrolling to the bottom of the screen, click the Reset (Restore settings to their original defaults) button.

In the opened window, confirm that you wish to reset Google Chrome settings to default by clicking the Reset button.

Remove malicious plugins from Mozilla Firefox:

Click the Firefox menu (at the top right corner of the main window), select "Add-ons and themes". Click "Extensions", in the opened window locate all recently-installed suspicious extensions, click on the three dots and then click "Remove".

Optional method:

Computer users who have problems with "annual financial review status" malspam removal can reset their Mozilla Firefox settings.

Open Mozilla Firefox, at the top right corner of the main window, click the Firefox menu, in the opened menu, click Help.

Select Troubleshooting Information.

In the opened window, click the Refresh Firefox button.

In the opened window, confirm that you wish to reset Mozilla Firefox settings to default by clicking the Refresh Firefox button.

Remove malicious extensions from Safari:

Make sure your Safari browser is active, click Safari menu, and select Preferences....

In the opened window click Extensions, locate any recently installed suspicious extension, select it and click Uninstall.

Optional method:

Make sure your Safari browser is active and click on Safari menu. From the drop down menu select Clear History and Website Data...

In the opened window select all history and click the Clear History button.

Remove malicious extensions from Microsoft Edge:

Click the Edge menu icon  (at the upper-right corner of Microsoft Edge), select "Extensions". Locate all recently-installed suspicious browser add-ons and click "Remove" below their names.

Optional method:

If you continue to have problems with removal of the "annual financial review status" malspam, reset your Microsoft Edge browser settings. Click the Edge menu icon  (at the top right corner of Microsoft Edge) and select Settings.

In the opened settings menu select Reset settings.

Select Restore settings to their default values. In the opened window, confirm that you wish to reset Microsoft Edge settings to default by clicking the Reset button.

• If this did not help, follow these alternative instructions explaining how to reset the Microsoft Edge browser.

Summary:

Commonly, adware or potentially unwanted applications infiltrate Internet browsers through free software downloads. Note that the safest source for downloading free software is via developers' websites only. To avoid installation of adware, be very attentive when downloading and installing free software. When installing previously-downloaded free programs, choose the custom or advanced installation options – this step will reveal any potentially unwanted applications listed for installation together with your chosen free program.

Post a comment:
If you have additional information on "annual financial review status" malspam or it's removal please share your knowledge in the comments section below.

Frequently Asked Questions (FAQ)

Why did I receive this email?

Even if a spam email includes personal or otherwise relevant information – that does not make the message itself personal. These messages are sent out in mass-scale operations – hence, thousands of users receive identical or incredibly similar emails.

I have read a spam email but didn't open the attachment, is my computer infected?

Reading an email does not pose an infection threat. Systems are compromised when malicious attachments or links are opened/clicked.

I have downloaded and opened a file attached to a spam email, is my computer infected?

Whether a system was infected might depend on the format of the opened file. Once run, executables cause infections almost without fail. However, some formats require additional interaction. For example, document formats may need users to enable macro commands, click embedded files/links, or perform other actions to jumpstart malware download/installation.

Will Combo Cleaner remove malware infections present in email attachments?

Combo Cleaner is capable of detecting and removing practically all known malware infections. Keep in mind that performing a complete system scan is essential since sophisticated malicious software tends to hide deep within systems.