Issue 130 - May 2012 (1st Edition) - Page 13
Bogus Verizon Wireless Bill Email Points to Malware
Email purporting to be from Verizon Wireless claims that the recipient's current bill is available online and invites him or her to click a link to view and pay the bill.
The email is not from Verizon. The message is part of a criminal campaign aimed at infecting computers with information stealing malware. The links in the email open websites that host versions of the BlackHole exploit kit, a criminal application that uses security vulnerabilities on the targeted computer to install trojans and other malware.
Detailed analysis and references below example.
Last updated: 20th April 2012
First published: 20th April 2012
Article written by Brett M. Christensen
Subject: Your Bill Is Now Available
Your current bill for your account is now available online in My Verizon
Total Balance Due: $1703.09
Keep in mind that payments and/or adjustments made to your account after your bill was generated will not be reflected in the amount shown above.
>View and Pay Your Bill
Want to simplify payments?
> Enroll in Auto Pay
Thank you for choosing Verizon Wireless.
This email, which purports to be from service provider Verizon Wireless, claims that the recipient's current Verizon bill is available online. The recipient is invited to click links in the email to view and pay the bill or to enrol in an "AutoPay" system.
However, the email is not from Verizon and the links it contains do not lead to an online Verizon bill. In fact, the message is an attempt by cybercriminals to trick recipients into downloading malware. Those who click the link will be taken to a webpage that advises them to wait while the page is loading (see screenshot on right). However, rather than loading the expected bill, the page will redirect to another site that hosts a version of the BlackHole exploit kit. BlackHole is a web application used by criminals to exploit browser vulnerabilities as a means of downloading and installing trojans and other types of malware.
In this particular attack, a version of Trojan.Zbot is eventually delivered to the victim's computer. This trojan can monitor web browser use and collect usernames and passwords including online banking login details and pass them on to Internet criminals.
The "Total Balance Due" listed in the scam email varies in different incarnations of the message. However, in many cases, it is likely to be considerably higher than the customer's normal bill amount. The criminals bank on the fact that at least some recipients, panicked by what they perceive as an unexpectedly high service bill, will click on the link without due forethought. And some recipients who are not even Verizon customers may still click on the malware link in the belief that a fundamental error has been made and needs to be rectified.
In recent months, criminals have launched several quite similar attacks with the aim of fooling users into visiting websites that host the BlackHole exploit kit. In December 2011, fake Amazon.com order notifications were distributed that contained links to BlackHole websites. And, during early 2012, a series of malware emails purporting to be airline flight confirmation messages again pointed recipients to compromised sites that harboured BlackHole. BlackHole is a widely used criminal toolkit and such attacks are likely to continue.
Be very cautious of clicking links in emails, even if they appear to be legitimate. Some such attacks are quite sophisticated and it may be difficult - at least without careful examination - to tell the difference between a bogus email and a genuine notification. Rather than click on email links, it is safer to open your browser and go to the service provider's website directly by entering the web address. And, of course, always ensure that you have installed the latest security updates for your browser and operating system and have up-to-date antivirus and anti-malware protection on your computer.
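The "careful examination" mentioned above can be automated for mail that claims to come from a known provider. The following is an added example, not part of the original article: it pulls every link out of an HTML message and flags those whose host is not under a domain the provider is expected to use. The sample message is constructed from the email text quoted earlier, its link hosts are placeholders, and the allow-list of Verizon domains is an assumption.

```python
from email import message_from_string
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumption: domains the genuine sender is expected to link to.
EXPECTED_DOMAINS = {"verizonwireless.com", "verizon.com"}

# Constructed sample modelled on the email quoted in this article;
# link hosts are placeholders under the reserved .example TLD.
SAMPLE = """\
Subject: Your Bill Is Now Available
Content-Type: text/html; charset="utf-8"

<p>Total Balance Due: $1703.09</p>
<a href="http://unrelated-site.example/bill">View and Pay Your Bill</a>
<a href="http://verizonwireless.com.billing.example/autopay">Enroll in Auto Pay</a>
<a href="https://www.verizonwireless.com/support">Support</a>
"""

class LinkCollector(HTMLParser):
    """Collects (href, anchor text) pairs from <a> elements."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href"), []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def host_is_expected(host, expected=EXPECTED_DOMAINS):
    # Match the domain itself or a true subdomain; a host that merely
    # starts with or contains the brand name does not pass.
    host = (host or "").lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in expected)

def suspicious_links(raw_message, expected=EXPECTED_DOMAINS):
    """Return (href, text) for links that leave the expected domains."""
    flagged = []
    for part in message_from_string(raw_message).walk():
        if part.get_content_type() == "text/html":
            charset = part.get_content_charset() or "utf-8"
            collector = LinkCollector()
            collector.feed(part.get_payload(decode=True).decode(charset, "replace"))
            flagged += [(h, t) for h, t in collector.links
                        if not host_is_expected(urlsplit(h).hostname, expected)]
    return flagged
```

Calling `suspicious_links(SAMPLE)` returns the two bill and Auto Pay links and leaves the genuine support link alone; the second flagged host shows why the check compares the end of the hostname rather than searching for the brand name.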
BlackHole Exploit Kit
Fake Verizon Wireless Bill Notification Emails Lead to Malware
Verizon bill for $954 attacks your computer
Bogus Amazon Shipping Confirmation Emails Point To Malware
US Airways 'Flight Confirmation' Malware Emails