Debunking email hoaxes and exposing Internet scams since 2003!


Issue 118 - September 2011 - Page 14

Hotel "Wrong Transaction" Malware Emails


Outline
Emails purporting to be from various hotels in the United States claim that a "wrong transaction" has been discovered on the user's credit card and that he or she should fill in an attached refund form to allow return of the funds.



Brief Analysis
The messages are not from hotels. The claim that a credit card transaction problem has been found is a lie designed to trick recipients into opening the attached file. The attachments contain malware.

Detailed analysis and references below example.

Last updated: 3rd August 2011
First published: 3rd August 2011
Article written by Brett M. Christensen


Examples
Subject: Wrong transaction from your credit card in Ritz-Carlton Boston Common

Dear Customer!

Transaction: Mastercard 9878751_r

On July 26th, 2011 Hotel made wrong transaction decommissioning from your credit card totaling $1052. This partner hotel was divested accreditation in Moverick Company with reference of noncompliance of the service contract. For the return of funds please contact your bank and fill information in the attached form. In the attachment you will find expense sheet with the sum of wrong transaction decommissioning. Company just mediates and bears no responsibility for any money transactions made by Hotel. Sorry for the inconvenience. We trust you can solve this unpleasant problem.

Stewart Pruessner,
Manager of Reception Desk & Reservation Departament

Messages included an attached file named RefundForm8265.zip

Subject: Wrong transaction from your credit card in Grand Hyatt San Francisco

Dear Guest!

Transaction: Visa 6640_iqA

On July 26th, 2011 Hotel made wrong transaction decommissioning from your credit card totaling $1389. This partner hotel was divested accreditation in Moverick Company with reference of noncompliance of the service contract. Please see the attached form. You need to fill it in and contact your bank for the return of funds. In the attachment you will find expense sheet with the sum of wrong transaction debiting.

As Company is not responsible for money transactions and acts as intermediary you can seize the court directly to return the funds from the Hotel. Sorry for the inconvenience. We trust you can solve this unpleasant problem.

Achilles Denny,
Manager of Reception Desk & Reservation Departament

Messages included an attached file named RefundForm9525.zip



Detailed Analysis
These emailed messages, which purport to be from various hotels across the United States, supposedly advise recipients that a "wrong transaction" has been discovered on their credit cards. Each message claims that the specified hotel charged the recipient's credit card in error and that he or she should open a refund form contained in an attached file in order to organize a return of the mistakenly accessed funds.

However, the emails are certainly not from any hotels and the "wrong transaction" claims are lies designed to fool unwary recipients into opening the attached file. In fact, the emails are yet another attempt by Internet criminals to distribute malware.

The attached .zip file does not contain a refund form. Instead, it carries a .exe file that, if launched, can install an initial malware component. This malware can subsequently download and install further malware, including a rogue anti-virus scanner and an application designed to steal passwords from the infected computer.

Once installed, rogue anti-virus programs can pop up annoying and intrusive "results" windows that supposedly display a list of viruses found on the infected computer. These supposed results are completely false and are designed solely to trick users into submitting their credit card details, ostensibly to pay for useless and unnecessary software to "fix" the non-existent computer problems. Such rogue anti-virus programs can be very difficult to remove.

The amount of the supposed "wrong transaction", along with the names of the hotels and hotel managers, varies in different incarnations of the scam emails. The strange and convoluted use of English in the messages indicates that they were created by criminals from a non-English-speaking background.

If you receive one of these messages, delete it and do not open any attachments. If you have already opened one of the attachments and installed the malware, you should scan your system with up-to-date anti-virus and anti-malware software.


References
Beware of 'wrong Transaction' Hotel Spam
Malicious hotel transaction spam


