Debunking email hoaxes and exposing Internet scams since 2003!

Hoax-Slayer Logo Hoax-Slayer Logo

Home    About    New Articles    RSS Feed    Subscriptions    Contact
Bookmark and Share

Issue 154 - May, 2013 (2nd Edition) - Page 12

Citibank Paymentech Billing Statement Malware Emails

Issue 154 Start Menu

Previous Article            Next Article

Email purporting to be from Citibank Paymentech invites recipients to open an attached file to view a Merchant Billing Statement.



Brief Analysis
The email is not from Citibank. The attachment .zip folder contains a malicious .exe file that, if opened, can install malware on the recipient's computer. If you receive one of these emails, do not open any attachments or click on any links that it contains.

Bookmark and Share
Subject: Paymentech Statement

Attached is your Citibank Paymentech electronic Merchant Billing Statement. If you need assistance, please contact your Account Executive or call Merchant Services at the telephone number listed on your statement.

PLEASE DO NOT RESPOND BY USING REPLY. This email is sent from an unmonitored email address, and your response will not be received by Citibank Paymentech.

Citibank Paymentech will not be responsible for any liabilities that may result from or relate to any failure or delay caused by Citibank Paymentech's or the Merchant's email service or otherwise. Citibank Paymentech recommends that Merchants continue to monitor their statement information regularly.

---------- Learn more about Citibank Paymentech Solutions, LLC payment processing services at ----------

THIS MESSAGE IS CONFIDENTIAL. This e-mail message and any attachments are proprietary and confidential information intended only for the use of the recipient(s) named above. If you are not the intended recipient, you may not print, distribute, or copy this message or any attachments. If you have received this communication in error, please notify the sender by return e-mail and delete this message and any attachments from your computer.

Attached file : StatementID(string of numbers).zip

Detailed Analysis

This email, which purports to be from Citibank Paymentech, instructs recipients to open an attached .zip file to view a Merchant Billing Statement. It claims that contact details for merchant services are included on the statement.

However, the email is not from Citibank and the attachment does not contain a billing statement. In fact, the attachment harbours malicious software. Those who fall for the ruse and open the attached .zip file will then be presented with a .exe file. If they proceed to open the .exe file, they will install the malware on their computers. Typically, such malware can collect personal information stored on the compromised computers, send the stolen information to remote servers controlled by Internet criminals, and download further malware.

The criminals responsible for this campaign bank on the fact that at least some recipients, panicked into believing that they have been billed erroneously, will open the attachment without due caution. And some Citibank customers who do use merchant services may also be tricked into thinking that the message is legitimate.

A very similar malware attack, which featured "billing statement" emails that falsely claimed to be from Chase Paymentech, occurred in late 2012. As in this case, the attachments contained malware. If you receive one of these messages, do not open any attachments or follow any links that it contains.

Bookmark and Share

Last updated: May 7, 2013
First published: May 7, 2013
By Brett M. Christensen
About Hoax-Slayer

Threat Outbreak Alert: Fake Electronic Billing Statement E-mail Messages on May 3, 2013
Chase Paymentech 'Merchant Billing Statement' Malware Email

Previous Article            Next Article

Issue 154 Start Menu

Pages in this issue:
  1. Facebook Page Hacker Warning Message - "Visit The New Facebook" Links
  2. Facebook Profile Viewer Scam
  3. Facebook Proposed Video Ads Message
  4. Becoming a Father or Mother Facebook Group Pedophile Warning Hoax
  5. BMW Advance Fee Prize Scam
  6. 'Wire Transfer Canceled' Malware Email
  7. Warning Message About False Widow Spider in UK
  8. Is the US Department of Defense/Pentagon/Obama Going to Court-Martial Christians?
  9. Email Exceeded Storage Limit Phishing Scam
  10. 'I'm Not Asking You to Like This' - Yet Another Sick Baby Donations For Sharing Hoax
  11. Bear Grylls Producer Snakebite Foot Injury Picture
  12. Citibank Paymentech Billing Statement Malware Emails
  13. Water Bottle Car Fire Warning
  14. Were Cages Placed Over Graves in Victorian Times to Trap the Undead?
  15. No, A Facebook Page is NOT Stealing Baby Photos of People Who Have 'Baby' On Their Walls
  16. Was an image of a Weird 'Half Cat' Captured by Google Street View?
  17. Messages Warn of 'Deadly Giant Snails' In Texas
  18. 'Facebook Online International Lottery' Advance Fee Scam
  19. Yet Another Deplorable Sick Baby Hoax
  20. ANZ 'Quick 3-Question Survey' Phishing Scam