Bank of America Merchant Statement Malware EmailOutline
Message purporting to be from Bank of America claims that recipients can view a Paymentech electronic Merchant Billing Statement by opening an attached file.
The message is not from Bank of America and the attached file does not contain a billing statement. In fact, the attachment contains malware. The email is just one in a series of malware messages that purport to be from well-known financial entities, including Citibank and Chase. If you receive such a message, do not open any attachments or click any links that it contains.
Subject: Merchant Statement
Attached (pdflPDF|pdf file|document|file) is your Bank of America Paymentech electronic Merchant Billing Statement. If you need assistance, please (contact|message|call) your Account Executive or call Merchant Services at the telephone number listed on your statement.
PLEASE DO NOT RESPOND BY USING REPLY.
This (email|mail) is sent from an unmonitored email address, and your response will not be received by Bank of America Paymentech. Bank of America Paymentech will not be responsible for any liabilities that may result from or relate to any failure or delay caused by Bank of America Paymentech's or the Merchant's email service or otherwise. Bank of America Paymentech recommends that Merchants continue to monitor their statement information regularly.
Learn more about Bank of America Paymentech Solutions, LLC payment processing services at Bank of America.
Attached file: stid 36618-22.zip
This email, which claims to be from Bank of America, instructs recipients to open an attached file to view a Bank of America Paymentech electronic Merchant Billing Statement.
However, the message is not from Bank of America and the attached file contains something significantly more sinister than a billing statement. The criminals running this campaign hope that at least a few recipients, panicked into believing that they have been billed for some unknown transaction, will open the attachment without due care and attention. Bank of America merchant customers might also be initially fooled into thinking that the email is legitimate.
Those who do open the attached .zip file will find that it contains a .exe file. But clicking the .exe file will install a trojan on the user's computer. The trojan, a variant of ZBot, can steal personal information from the compromised computer and send it to a remote server. It can also download other malware components.
Similar "merchant statement" malware emails falsely claim to come from Chase Paymentech, Citibank and other financial entities. As with the Bank of America version, attachments to the emails contain malware.
If you receive one of these emails, do not open any attachments or click on any links that it contains.
Last updated: July 23, 2013
First published: July 23, 2013
By Brett M. Christensen
Chase Paymentech 'Merchant Billing Statement' Malware Email
Citibank Paymentech Billing Statement Malware Emails