Debunking hoaxes and exposing scams since 2003!

Hoax-Slayer Logo

Payment Gateway 'Credit Card Transaction Result' Malware Email

Jump To: Example    Detailed Analysis   Comments   References


Payment gateway transaction result notification email claims that your credit card has been charged several hundred dollars. The email includes an attachment that supposedly contains a sales receipt for the transaction.

payment gateway malware
© lucidwaters

Brief Analysis

The email is not a genuine transaction notification.  The attachment contains malware. Fake order and transaction malware emails are currently very common. Be wary of any unsolicited email that asks you to click a link or open an attached file to review a supposed transaction or see a sales receipt.


related Links
What's New   Top Ten   Special Features   Subscribe


Subject: Credit Card Transaction Result
Transaction APPROVED
Merchant Web Site:                G.P. LTD
Order Number:                     326054311303
Payment Gateway Order code:       6201989891692972
Payment Gateway Transaction code: 2479560813277048
Amount:                           $ 524.49
Brand:                            VISA
Authorization Code:               085848
(Attached file: Sales Receipt_Merchant

payment gateway malware

Detailed Analysis

Payment Gateway Transaction Email Lists Credit Card Charge

According to this 'transaction result' email, a credit card transaction for several hundred dollars has been approved. The email lists details of the supposed transaction and includes a payment gateway order and transaction code.

The email includes an attached file that appears to be a sales receipt.

Email is Fraudulent - Attachment Contains Malware

However, the email is not a legitimate transaction result message and the attachment does not contain a sales receipt.

Instead, the attached .zip file harbours a file that, if opened, can install malware on your computer.

The exact type of malicious payload may vary in different versions of this attack. However, once installed, the malware may collect sensitive information from the infected computer and send it to online criminals. It may also download and install further malware and join the infected computer to a botnet.

Fake Transaction Emails Commonly Used to Distribute Malware

Fake order malware campaigns are very common, especially in the weeks leading up to Christmas.

Some, like this one are quite simply rendered. Others are more sophisticated and may pretend to come from well-known companies.

All are designed to trick people into opening attachments or clicking links without due caution.

In some cases, victims may be panicked into opening attachments or clicking links because they believe that their credit card has been used to make fraudulent transactions.  

In other cases, people may proceed because they have been shopping and are expecting packages.

Be cautious of any unsolicited email that tries to get you to open an attachment or click a link to get details of a transaction, online order, or package delivery.

payment gateway malware

© yupiramos

Last updated: December 15, 2014
First published: December 15, 2014
By Brett M. Christensen
About Hoax-Slayer

Watch Out For These 6 Christmas Internet Scams
Fake Costco Order Notification Leads to Malware
Fake Walmart 'Order Details' Email Opens Malware Website
USPS Malware Emails