Debunking hoaxes and exposing scams since 2003!

Hoax-Slayer Logo

MALWARE - 'Invoice Overdue Notification'


'Invoice overdue' email claims that, if you do not pay the outstanding amount within 7 days, legal action will be taken to recover the money owed. You are invited to 'press a link' to view the original invoice.

Facebook phising
© alexskopje

Brief Analysis

The email is not a genuine overdue notification. Clicking the link in the message takes you to a website that contains malware. If you receive this message, do not click on any links or open any attachments that it contains.


Subject: Invoice overdue notification

We are writing to you about fact, despite previous reminders, there remains an outstanding amount of GBP 255.70 in respect of the invoice(s) contained in current email . This was due for payment on 31 August, 2014.
Our credit terms stipulate full payment within 3 days and this amount is now more than 14 days overdue. The total amount due from you is therefore GBP 355.44
If the full amount of the sum outstanding, as set above, is not paid within 7 days of the date of this email, we will have to begin legal action, without warning, for a court order requiring payment. We may also commence insolvency proceedings. Legal proceedings can take effect on any credit rating. The costs of legal proceedings and any other amounts which the court orders must also be paid in addition to the debt.
This email is being sent to you in accordance with the Practice Direction on Pre-Action Conduct (the PDPAC) contained in the Civil Procedure Rules, The court has the power to sanction your continuing failure to respond.
To view the the original invoice please press on link
We quick reaction to this email.

Detailed Analysis

'Invoice Overdue' Email Threatens Legal Action if Bill Not Paid

According to this email, a payment for an invoice is overdue and must be paid within seven days. The email threatens legal action to recover the outstanding amount if it is not paid on time. The message warns that, if the bill remains unpaid, the company may also commence insolvency proceedings and your credit rating may be impacted.

You are advised to 'press a link' to view the original invoice.

Email is Not A Genuine Notification - Links to Malware

However, the email is not a real invoice notification. The supposed overdue amount and the threats of legal action are just a ruse designed to trick you into clicking the link.

If you do click the link, you will be taken to a compromised website that automatically redirects to another webpage that hosts a version of the Angler Exploit Kit.

Angler EK is a malicious web application that can check your computer for outdated software that may be vulnerable to attack and exploit the vulnerabilities it finds to download and install various types of malware.

Details, such as the subject line, the amount due, and the name of the sender, may vary in different incarnations of the email.

Message Attempts to Panic Users into Clicking

The criminals operating this campaign hope that at least a few users, panicked by the threat of legal action, will click the link without due caution. And, because the email does not say what product or service the supposed overdue amount is actually for, some users may click the link in the hope of getting more information.

Online criminals use such simple social engineering tricks constantly. While these ruses may seem transparent to more experienced computer users, many people still fall for them.

If you receive one of these bogus overdue invoice notifications, do not click any links or open any attachments included in the message.


Last updated: September 17, 2014
First published: September 17, 2014
By Brett M. Christensen
About Hoax-Slayer

'Unpaid invoice notification' spam leads to Angler Exploit Kit
SonicWALL Security Center