Monday, March 26, 2012

Fake Verizon Wireless Bill Notification Emails Lead to Malware

Careful when clicking links within Verizon bill notification emails.

Cybercrooks are spamming out emails that closely resemble the emails Verizon sends to their customers to let them know that their cellphone bill is ready to view online.

This particular spam campaign poses a high risk since the balance displayed to the user is likely far more than they’re accustomed to, which may drive recipients to click links within the emails without a second thought.

Verizon Bill Spam
Screenshot Credit: Barracuda Labs


And considering all of the embedded links point to a malicious non-Verizon website hosting the Blackhole exploit kit, that can quickly turn into a costly mistake as malware will be installed on any vulnerable computers that visit the site.

According to Barracuda Labs, the malware delivered is none other than the infamous ZeuS/Zbot, which is known for its effective ability to steal online banking credentials and upload them to a remote server controlled by the attackers.

How to Spot the Fake Verizon Wireless Bill Notifications


Although the cybercrooks behind this spam campaign have done a fairly good job copying the layout of the Verizon bill notification emails, there still are a few ways to tell them apart:

  • In legitimate Verizon Wireless bill notification emails, the first line of the email will read, “Your current bill for your account ending in XXXX-XXXXX is now available online in My Verizon.” Meanwhile, the fake emails will simply say, “Your current bill for your account is now available online in My Verizon.”

  • The balance due will differ greatly from what you typically pay. So if you usually pay $100/month and suddenly receive an email saying you owe $500, yet you haven’t done anything different during the billing cycle to warrant such charges, then something is up – and the problem may not necessarily be with your account, but the email you’re looking at.

  • By hovering over the links, you notice that they point to a third-party website that obviously doesn’t belong to Verizon Wireless. The links in the spam message received by Barracuda Labs was “hxxp://trauma.co.id/XXXXXX/index.html” – which is clearly not affiliated with Verizon Wireless. It is important to note that it’s likely multiple URLs are being used.


As a rule of thumb, it’s always best to just type the URL of the website you wish to visit directly into your browser’s address bar instead of clicking links provided within emails.

What to Do With Fake Verizon Wireless Bill Notifications


Did you also receive one of these fake Verizon bill notices? We suggest that you:

  • Avoid clicking on any of the embedded links.

  • Forward the email to phishing@verizonwireless.com.

  • Delete the email.


Don’t miss out on the latest tech news and computer security alerts! Follow us on Twitter at @hyphenet,  “Like” us on Facebook or add us to your circle on Google+.

No comments:

Post a Comment