Debunking email hoaxes and exposing Internet scams since 2003!

Hoax-Slayer Logo Hoax-Slayer Logo

Home    About    New Articles    RSS Feed    eBook    Contact
Bookmark and Share

Citibank Paymentech Billing Statement Malware Emails

Email purporting to be from Citibank Paymentech invites recipients to open an attached file to view a Merchant Billing Statement.



Brief Analysis
The email is not from Citibank. The attachment .zip folder contains a malicious .exe file that, if opened, can install malware on the recipient's computer. If you receive one of these emails, do not open any attachments or click on any links that it contains.

Bookmark and Share
Subject: Paymentech Statement

Attached is your Citibank Paymentech electronic Merchant Billing Statement. If you need assistance, please contact your Account Executive or call Merchant Services at the telephone number listed on your statement.

PLEASE DO NOT RESPOND BY USING REPLY. This email is sent from an unmonitored email address, and your response will not be received by Citibank Paymentech.

Citibank Paymentech will not be responsible for any liabilities that may result from or relate to any failure or delay caused by Citibank Paymentech's or the Merchant's email service or otherwise. Citibank Paymentech recommends that Merchants continue to monitor their statement information regularly.

---------- Learn more about Citibank Paymentech Solutions, LLC payment processing services at ----------

THIS MESSAGE IS CONFIDENTIAL. This e-mail message and any attachments are proprietary and confidential information intended only for the use of the recipient(s) named above. If you are not the intended recipient, you may not print, distribute, or copy this message or any attachments. If you have received this communication in error, please notify the sender by return e-mail and delete this message and any attachments from your computer.

Attached file : StatementID(string of numbers).zip

Detailed Analysis

This email, which purports to be from Citibank Paymentech, instructs recipients to open an attached .zip file to view a Merchant Billing Statement. It claims that contact details for merchant services are included on the statement.

However, the email is not from Citibank and the attachment does not contain a billing statement. In fact, the attachment harbours malicious software. Those who fall for the ruse and open the attached .zip file will then be presented with a .exe file. If they proceed to open the .exe file, they will install the malware on their computers. Typically, such malware can collect personal information stored on the compromised computers, send the stolen information to remote servers controlled by Internet criminals, and download further malware.

The criminals responsible for this campaign bank on the fact that at least some recipients, panicked into believing that they have been billed erroneously, will open the attachment without due caution. And some Citibank customers who do use merchant services may also be tricked into thinking that the message is legitimate.

A very similar malware attack, which featured "billing statement" emails that falsely claimed to be from Chase Paymentech, occurred in late 2012. As in this case, the attachments contained malware. If you receive one of these messages, do not open any attachments or follow any links that it contains.

Bookmark and Share

Last updated: May 7, 2013
First published: May 7, 2013
By Brett M. Christensen
About Hoax-Slayer

Threat Outbreak Alert: Fake Electronic Billing Statement E-mail Messages on May 3, 2013
Chase Paymentech 'Merchant Billing Statement' Malware Email

Go to Mobile Version