Debunking email hoaxes and exposing Internet scams since 2003!

Hoax-Slayer Logo Hoax-Slayer Logo

DividerDivider
Home    About    New Articles    RSS Feed    Subscriptions    Contact
DividerDivider


Site Navigation










Bogus Verizon Wireless Bill Email Points to Malware

Outline
Email purporting to be from Verizon Wireless claims that the recipient's current bill is available online and invites him or her to click a link to view and pay the bill.



Brief Analysis
The email is not from Verizon. The message is part of a criminal campaign aimed at infecting computers with information stealing malware. The links in the email open websites that host versions of the BlackHole exploit kit, a criminal application that uses security vulnerabilities on the targeted computer to install trojans and other malware.

Bookmark and Share
Detailed analysis and references below example.

Enter your email address to subscribe to the Hoax-Slayer Newsletter:






Last updated: 20th April 2012
First published: 20th April 2012
Article written by Brett M. Christensen
About Brett Christensen and Hoax-Slayer


Example
Subject: Your Bill Is Now Available

Your current bill for your account is now available online in My Verizon

Total Balance Due: $1703.09

Keep in mind that payments and/or adjustments made to your account after your bill was generated will not be reflected in the amount shown above.
>View and Pay Your Bill

Want to simplify payments?

> Enroll in Auto Pay

Thank you for choosing Verizon Wireless.

Verizone malware email




Detailed Analysis
This email, which purports to be from service provider Verizon Wireless, claims that the recipient's current Verizon bill is available online. The recipient is invited to click links in the email to view and pay the bill or to enrol in an "AutoPay" system.

Wait Page Loading Malware
However, the email is not from Verizon and the links it contains do not lead to an online Verizon bill. In fact, the message is an attempt by cybercriminals to trick recipients into downloading malware. Those who click the link will be taken to a webpage that advises them to wait while the page is loading (see screenshot on right). However, rather than loading the expected bill, the page will redirect to another site that hosts a version of the BlackHole exploit kit. BlackHole is a web application used by criminals to exploit browser vulnerabilities as a means of downloading and installing trojans and other types of malware.

In this particular attack, a version of Trojan.Zbot is eventually delivered to the victim's computer. This trojan can monitor web browser use and collect usernames and passwords including online banking login details and pass them on to Internet criminals.

The "Total Balance Due" listed in the scam email varies in different incarnations of the message. However, in many cases, it is likely to be considerably higher than the customer's normal bill amount. The criminals bank on the fact that at least some recipients, panicked by what they perceive as an unexpectedly high service bill, will click on the link without due forethought. And some recipients who are not even Verizon customers may still click on the malware link in the belief that a fundamental error has been made and needs to be rectified.

In recent months, criminals have launched several quite similar attacks with the aim of fooling users into visiting websites that host the BlackHole exploit kit. In December 2011, fake Amazon.com order notifications were distributed that contained links to BlackHole websites. And, during early 2012, a series of malware emails purporting to be airline flight confirmation messages again pointed recipients to compromised sites that harboured BlackHole. BlackHole is a widely used criminal toolkit and such attacks are likely to continue. Be very cautious of clicking links in emails, even if they appear to be legitimate. Some such attacks are quite sophisticated and it may be difficult - at least without careful examination - to tell the difference between a bogus email and a genuine notification. Rather than click on email links, it is safer to open your browser and go to the service provider's website directly by entering the web address. And, of course, always ensure that you have installed the latest security updates for your browser and operating system and have up-to-date antivirus and anti-malware protection on your computer.

Bookmark and Share

References
BlackHole Exploit Kit
Fake Verizon Wireless Bill Notification Emails Lead to Malware
Verizon bill for $954 attacks your computer
Bogus Amazon Shipping Confirmation Emails Point To Malware
US Airways 'Flight Confirmation' Malware Emails

Last updated: 20th April 2012
First published: 20th April 2012
Article written by Brett M. Christensen
About Brett Christensen and Hoax-Slayer