Debunking email hoaxes and exposing Internet scams since 2003!

Hoax-Slayer Logo Hoax-Slayer Logo

Home    About    New Articles    RSS Feed    Subscriptions    Contact
Bookmark and Share

Issue 159 - August, 2013 (1st Edition) - Page 11

Bank of America Merchant Statement Malware Email

Issue 159 Start Menu

Previous Article            Next Article

Message purporting to be from Bank of America claims that recipients can view a Paymentech electronic Merchant Billing Statement by opening an attached file.


© vaeenma

Brief Analysis
The message is not from Bank of America and the attached file does not contain a billing statement. In fact, the attachment contains malware. The email is just one in a series of malware messages that purport to be from well-known financial entities, including Citibank and Chase. If you receive such a message, do not open any attachments or click any links that it contains.

Bookmark and Share

Subject: Merchant Statement

Attached (pdflPDF|pdf file|document|file) is your Bank of America Paymentech electronic Merchant Billing Statement. If you need assistance, please (contact|message|call) your Account Executive or call Merchant Services at the telephone number listed on your statement.


This (email|mail) is sent from an unmonitored email address, and your response will not be received by Bank of America Paymentech. Bank of America Paymentech will not be responsible for any liabilities that may result from or relate to any failure or delay caused by Bank of America Paymentech's or the Merchant's email service or otherwise. Bank of America Paymentech recommends that Merchants continue to monitor their statement information regularly.

Learn more about Bank of America Paymentech Solutions, LLC payment processing services at Bank of America.

Attached file: stid

Detailed Analysis

This email, which claims to be from Bank of America, instructs recipients to open an attached file to view a Bank of America Paymentech electronic Merchant Billing Statement.

However, the message is not from Bank of America and the attached file contains something significantly more sinister than a billing statement. The criminals running this campaign hope that at least a few recipients, panicked into believing that they have been billed for some unknown transaction, will open the attachment without due care and attention. Bank of America merchant customers might also be initially fooled into thinking that the email is legitimate.

Those who do open the attached .zip file will find that it contains a .exe file.  But clicking the .exe file will install a trojan on the user's computer. The trojan, a variant of ZBot, can steal personal information from the compromised computer and send it to a remote server.  It can also download other malware components.

Similar "merchant statement" malware emails falsely claim to come from Chase Paymentech, Citibank and other financial entities. As with the Bank of America version, attachments to the emails contain malware.

If you receive one of these emails, do not open any attachments or click on any links that it contains.

Bookmark and Share

Last updated: July 23, 2013
First published: July 23, 2013
By Brett M. Christensen
About Hoax-Slayer

Chase Paymentech 'Merchant Billing Statement' Malware Email
Citibank Paymentech Billing Statement Malware Emails

Previous Article            Next Article

Issue 159 Start Menu

Pages in this issue:
  1. Warning - Grapes and Raisins Toxic to Dogs And Cats
  2. Circulating Warning Claims Antiperspirants Cause Breast Cancer
  3. Gareth & Catherine Bull Advance Fee Lottery Scam
  4. Does a Viral Video Really Depict a Snowfall in the Philippines?
  5. Wellness Company Woolies Voucher Hoax
  6. Qantas 'E-Ticket Itinerary Receipt' Malware Email
  7. The Tale of Pastor Jeremiah Steepek and the Homeless Man
  8. American Express 'Online Security Service Notification' Phishing Scam
  9. Dell Computer Giveaway Survey and Like Farming Scam
  10. Tear Drop Monument - Russian Gift to the United States
  11. Bank of America Merchant Statement Malware Email
  12. Disgraceful Hoax - 'All Facebook Companies' Donations to Help 9 Year Old Girl'
  13. 'Disneyland SuMMer Vacation' Free Tickets Like-Farming Scam
  14. MBNA 'Request to Terminate Online Card Services' Phishing Scam
  15. Burned Dog Paws Warning
  16. Tim Tams 'May Contain Traces of Human Flesh' Hoax Image
  17. Spurious Facebook Warning - 'Powerful Computer Viruses Named Trojans'
  18. Big W Samsung TV Giveaway Like-Farming Scam
  19. Siamese Pike Photograph
  20. Circulating Message Warns of Drug Called 'Molly'
  21. 'Confirm Your Apple Account' Phishing Scam
  22. Windows Live - Hotmail Account Closure Phishing Scam
  23. Circulating Internet Message Warns of Rotavirus Outbreak
  24. Facebook 'Graphic App' Privacy Warning Hoax
  25. Harvey Norman Like Farming Scam