Alerts left arrow right arrow   

Thank You for Scheduling a Payment to Bill Me Later - PayPal Virus Email

Comments  +
Thank You for Scheduling a Payment to Bill Me Later - PayPal Virus Email

The email message below: "Thank you for scheduling a payment to Bill Me Later," which claims that the recipient made a payment online of $1958.80 (the amount may change), and it was applied his/her account, is a fake. This email message was not sent by PayPal BillMeLater, but by cybercriminals, whose intention is to trick the recipients into opening the malicious attachment, which will infect their computers with a virus or Trojan.

The Malicious Email: Thank you for scheduling a payment to Bill Me Later

BillMeLater Virus Email Message
Dear Customer,

Thank you for making a payment online! We've received your Bill Me Later® payment of $1958.80 and have applied it to your account.

For more details please check attached file


Your Bill Me Later Account Number Ending in: 0653
You Paid: $1958.80

Your Payment Date*: 01/20/2014
Your Payment Confirmation Number: 579471890749681597

Don't forget, Bill Me Later is the perfect way to shop when you want more time to pay for the stuff you need. Plus, you can always find great deals and discounts at over 1000 stores. Watch this short, fun video to learn more.

*NOTE: If your payment date is Saturday, or a holiday, it will take an additional day for the payment to appear on your account. However, you will be credited for the payment as of the payment date.

This email attachment, "", contains the virus file "PP_03357442.exe". This is the file that will infect your computer if you open it. The cybercriminals may change the name of this file.

Very importantly, the attachment looks like an Adobe Acrobat Read document, which will trick a lot of persons into clicking on it.

BillMeLater Virus Attachment Disguised as a PDF document

So, because the file looks like an Adobe Acrobat Read document it doesn’t mean that it is.

When we scanned this file, the following threats were detected:

  • PE:Malware.FakePDF@CV!1.9C28
  • TROJ_GEN.F0D1H00AK14

Once your computer has become infected with this malicious Trojan horse, cybercriminals behind this email message will be able to access and take control of your computer remotely from anywhere around the world. They may spy on you, use your computer to commit cybercrimes, or steal your personal and financial information.

Now, if you have already opened the malicious “PP_03357442.exe”, please do a full scan of your computer with the antivirus software installed on it.

If you don’t have antivirus software installed on your computer, please click here for a list of free antivirus software.

Never open an attachment that has a name ending with “.exe”, because these are computer programs that can infect your computer with a virus or some other malware.

For a list of email attachments that you should not open, please click here.

Please share with us what you know or ask a question about this article by leaving a comment below. Also, check the comment section below for additional information, if there is any.

Remember to forward malicious or phishing email messages to us at the following email address:

Comments, Questions and Reviews

Comment(Total: 0)

Write a Comment, Review, or ask a Question or scroll down to view comments, reviews and questions made by others.

Would you recommend this article to a friend or family member?
Yes (1) No (0)   

Submit Comment Write Your Comment, Question or Review

Write your comment, question or review in the box below to share what you know or to get answers. Please revisit after an hour or more to view reponses or answers to you questions.
All comments, questions or reviews will be examined for derogatory or indecent statements, spam or malicous code, before they are posted on this website.

More for you:
Warning! JavaScript is turned off or disabled! Some features on this website will not work.