Spammers are hoping that users will be too distracted by threats of legal action, additional fees, and property seizure to notice that the email comes from a mistyped “billmelateEr.com” address, and that the recipient will make a hasty decision to do whatever is necessary to pay off their alleged debt.
From: Ebay (firstname.lastname@example.org)
Subject: You must immediately pay off the debt! #id5428
We have notified you several times about your debt to Bill Me Later.
In the even that you fail to voluntary satisfy our requirements for payment of your debts to Bill Me Later, we will have to turn to the court with the purpose of enforced collection of the debt, which may entail additional expenses for you, for example, the expenses in the amount of state duty, the cost of representative’s services for the compearance, the compensatory interest for the use or detention of money for each day of delay, and the execution fee. Furthermore, in accordance with applicable law, you may be restricted from traveling outside the territory of the country, and your property may be seized.
Based on the foregoing we offer you to pay the debt in the amount of $349.00 in one of the following ways within 10 days.
Bill Me Later.
To pay off the alleged "debt", the user is presumably expected to download the malicious file attachment, INVOICE_FORM_ID41801.zip, which contains malware Sophos identifies as Troj/Invo-Zip.
That's when the real fun begins.
Once it has made its way onto your machine, Troj/Invo-Zip will drop additional malware for you to play with. It is important to note that only 2/43 antivirus programs can detect this threat, according to the scan report from VirusTotal (see screenshot on the right).
How to Spot Fake Bill Me Later Emails
For the record, Bill Me Later has stated on their website that legitimate emails from them will never include an attachment. Other common characteristics of fraudulent emails include:
- Generic Greetings / Introductions
- Typos & Poor Grammar
- False Sense of Urgency
- Fake Links
Furthermore, legitimate emails will include a piece of information that identifies you and/or your account, such as your first/last name or the last 4 digits of your Bill Me Later account number.
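The checks described above can be automated for mail triage. The following is an added example, not code from Bill Me Later or from this post's author; the legitimate domain, the urgency terms, the edit-distance threshold, the sender's local part and both sample messages are assumptions constructed for illustration.

```python
from email.message import EmailMessage

LEGIT_DOMAIN = "billmelater.com"   # assumption: the brand's real sending domain
URGENCY_TERMS = ("immediately", "court", "seized", "legal action")  # illustrative

def edit_distance(a, b):
    """Levenshtein distance, used to catch near-miss sender domains."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def triage(msg, recipient_name, account_last4):
    """Return the phishing indicators from this article found in an EmailMessage."""
    domain = msg["From"].addresses[0].domain.lower()
    body = msg.get_body(preferencelist=("plain",))
    text = f"{msg['Subject']} {body.get_content() if body else ''}".lower()
    flags = []
    if 0 < edit_distance(domain, LEGIT_DOMAIN) <= 2:   # close to, but not, the real domain
        flags.append("lookalike-domain")
    if list(msg.iter_attachments()):                   # legitimate mail never has one
        flags.append("attachment")
    if any(term in text for term in URGENCY_TERMS):
        flags.append("urgency")
    if recipient_name.lower() not in text and account_last4 not in text:
        flags.append("no-account-identifier")
    return flags

def build(sender, subject, body, attachment=None):
    """Construct a sample message (test data, not a real capture)."""
    msg = EmailMessage()
    msg["From"], msg["Subject"] = sender, subject
    msg.set_content(body)
    if attachment:  # payload is an empty ZIP end-of-central-directory record
        msg.add_attachment(b"PK\x05\x06" + bytes(18), maintype="application",
                           subtype="zip", filename=attachment)
    return msg

PHISH = build("Ebay <billing@billmelateer.com>",
              "You must immediately pay off the debt! #id5428",
              "We have notified you several times about your debt to Bill Me Later.",
              "INVOICE_FORM_ID41801.zip")
LEGIT = build("Bill Me Later <service@billmelater.com>", "Your statement",
              "Hello Jane Doe, the statement for your account ending in 1234 is ready.")

if __name__ == "__main__":
    print(triage(PHISH, "Jane Doe", "1234"), triage(LEGIT, "Jane Doe", "1234"))
```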
What to Do with Bill Me Later Phishing Emails
If you receive an email similar to the one shown above, it is recommended that you:
- Avoid downloading any attached files or clicking any embedded links.
- Report the email to Bill Me Later by forwarding it to email@example.com. (Do not edit it in any way.)
- Delete the email immediately.