Debunking email hoaxes and exposing Internet scams since 2003!

Hoax-Slayer Logo Hoax-Slayer Logo

Home    About    New Articles    RSS Feed    eBook    Contact
Bookmark and Share

Bank of America Merchant Statement Malware Email

Message purporting to be from Bank of America claims that recipients can view a Paymentech electronic Merchant Billing Statement by opening an attached file.


© vaeenma

Brief Analysis
The message is not from Bank of America and the attached file does not contain a billing statement. In fact, the attachment contains malware. The email is just one in a series of malware messages that purport to be from well-known financial entities, including Citibank and Chase. If you receive such a message, do not open any attachments or click any links that it contains.

Bookmark and Share

Subject: Merchant Statement

Attached (pdflPDF|pdf file|document|file) is your Bank of America Paymentech electronic Merchant Billing Statement. If you need assistance, please (contact|message|call) your Account Executive or call Merchant Services at the telephone number listed on your statement.


This (email|mail) is sent from an unmonitored email address, and your response will not be received by Bank of America Paymentech. Bank of America Paymentech will not be responsible for any liabilities that may result from or relate to any failure or delay caused by Bank of America Paymentech's or the Merchant's email service or otherwise. Bank of America Paymentech recommends that Merchants continue to monitor their statement information regularly.

Learn more about Bank of America Paymentech Solutions, LLC payment processing services at Bank of America.

Attached file: stid

Detailed Analysis

This email, which claims to be from Bank of America, instructs recipients to open an attached file to view a Bank of America Paymentech electronic Merchant Billing Statement.

However, the message is not from Bank of America and the attached file contains something significantly more sinister than a billing statement. The criminals running this campaign hope that at least a few recipients, panicked into believing that they have been billed for some unknown transaction, will open the attachment without due care and attention. Bank of America merchant customers might also be initially fooled into thinking that the email is legitimate.

Those who do open the attached .zip file will find that it contains a .exe file.  But clicking the .exe file will install a trojan on the user's computer. The trojan, a variant of ZBot, can steal personal information from the compromised computer and send it to a remote server.  It can also download other malware components.

Similar "merchant statement" malware emails falsely claim to come from Chase Paymentech, Citibank and other financial entities. As with the Bank of America version, attachments to the emails contain malware.

If you receive one of these emails, do not open any attachments or click on any links that it contains.

Bookmark and Share

Last updated: July 23, 2013
First published: July 23, 2013
By Brett M. Christensen
About Hoax-Slayer

Chase Paymentech 'Merchant Billing Statement' Malware Email
Citibank Paymentech Billing Statement Malware Emails

Go to Mobile Version