Scam E-mails Carrying Malware Masquerade as Citibank Paymentech

Security companies and many websites posting advisories on scams have cautioned Internauts of fake e-mails carrying malware which pose as Citibank Paymentech messages, published softpedia.com dated May 7, 2013.

Bearing a header "Merchant Statement," the e-mail tells its recipient that his Merchant Billing Statement from Citibank Paymentech is attached. Incase of any help required, he's urged to communicate with his Account Executive else dial the Merchant Services phone-number provided in the statement.

The e-mail then states that it requires no reply as its sender's e-mail id is unmonitored because of which no reply will reach Citibank Paymentech.

Any liability, which might accrue from else associate with delay alternatively failure because of the e-mail service of the Merchant or Citibank Paymentech won't make Citibank Paymentech responsible. The latter suggests that Merchants keep on maintaining watch over their statements routinely.

The e-mail even tries to appear genuine so it highlights that the current message is secret which along with its attachments, comprises confidential as also proprietary information that solely recipient(s) whose names appear above can use.

Nevertheless, the e-mail hasn't been sent from Citibank, while there's no billing statement in the attachment either. Actually, there's malware in the attachment that BitDefender the security company detected as the infamous Trojan ZBot.

If users believe the ruse as also view the attachment, a zipped archive, they'll get an executable. Opening this executable will produce malware, which will get planted onto their PCs. Undoubtedly, this kind of malware can steal private data stacked on the infected PCs, transmit them onto remote servers under the hold of online-scammers, as well as pull down more malware, security researchers warn.

Moreover, the cyber crooks behind this scam hope that a few of the e-mail recipients at least will become so scared that they'll be convinced the bill sent to them has been mistakenly done. So they'll view the attachment unwarily. Similarly, a few Citibank clients not utilizing merchant services too maybe duped and made to believe the electronic mail is real.

Meanwhile, during mid-December 2012, in another prominent malware-laden e-mail attack, Citibank clients received bogus e-mails that diverted onto a malicious website serving BlackHole.

» SPAMfighter News - 5/16/2013