Beware “Payment/transaction notification” malware emails

ByBrett Christensen

Cybercriminals use many methods to trick people into installing malware.

One common method that criminals use to distribute malware is to send out fake payment notification emails.

Often, the emails claim that recipients have recently made a payment for a particular product or service and should click a link or open an attached file to read more details about the payment.

Alternatively, the emails may claim that a recent payment has failed or been rejected by a financial institution. Again, recipients are instructed to open an attachment or follow a link to access more information about the supposed failed payment.

Or, the emails may masquerade as upcoming bills for products or services and ask recipients to click a link or open an attachment to make the payment. The messages may claim that the bill is overdue and must be paid immediately to avoid penalties.

Some of these malware messages are quite crude and consist of just a few lines of text. Others are considerably more sophisticated and may feature professional formatting, the logos of the targeted company, and even secondary links that open the company’s genuine website.

barclays-transaction-scam

An example targeting Barclays Bank notifying the victim of a “transaction”. The attachment contains malware.

But, regardless of their appearance or level of sophistication, the purpose of these emails is simply to panic people into clicking links or opening attachments – and thereby installing the malware payload – without due caution. Such simple social engineering tricks can be very effective.


Sponsored Content. Continued below...




Recipients may believe that their credit card numbers or online accounts have been used to conduct fraudulent transactions. Or, they may think that transaction or banking errors have occurred. Either way, recipients may be compelled to follow the instructions in the emails in the hope of finding out more details and dealing with the perceived problem.

The malware payloads in these emails may vary. Typically however, once installed, such malware may download even more malware, steal information such as passwords from the compromised computer, and allow criminals to access and control the computer from afar.


Sponsored Content. Continued below...




Be wary of any unsolicited email that claims to contain information about a supposed payment or invoice. Of course, many companies do send payment notifications via email. Often, emailed bills will be included as attached files, usually as PDF’s. But, if you do receive bills from a company via email, ensure that any messages you receive really are from the company before you open any attachments or click any links.

And, certainly, watch out for emails that discuss transactions that you know nothing about or appear to come from companies that you have not recently done business with.

If you receive such an email, do not click any links or open any attachments that it contains.

Keep up-to-date with all the latest cybersecurity threats and our tips to stay safe online. Follow us on Facebook, Instagram and Twitter.

Continued below...


Thanks for reading! But before you go… as part of our latest series of articles on how to earn a little extra cash using the Internet (without getting scammed) we have been looking into how you can earn gift vouchers (like Amazon vouchers) using reward-per-action websites such as SwagBucks. If you are interested we even have our own sign-up code to get you started. Want to learn more? We discuss it here. (Or you can just sign-up here and use code Nonsense70SB when registering.)

Become a Facebook Supporter. For 0.99p (~$1.30) a month you can become a Facebook fan, meaning you get an optional Supporter Badge when you comment on our Facebook posts, as well as discounts on our merchandise. You can subscribe here (cancel anytime.)