Previous    Next
Warning: JavaScript is turned off! Some features on this website will not work without it.

Thank You for Scheduling a Payment to Bill Me Later - PayPal Virus Email

Thank You for Scheduling a Payment to Bill Me Later - PayPal Virus Email

The email message below: "Thank you for scheduling a payment to Bill Me Later," which claims that the recipient made a payment online of $1958.80 (the amount may change), and it was applied his/her account, is a fake. This email message was not sent by PayPal BillMeLater, but by cybercriminals, whose intention is to trick the recipients into opening the malicious attachment, which will infect their computers with a virus or Trojan.

Please continue reading below.

The Malicious Email: Thank you for scheduling a payment to Bill Me Later

BillMeLater Virus Email Message
Dear Customer,

Thank you for making a payment online! We've received your Bill Me Later® payment of $1958.80 and have applied it to your account.

For more details please check attached file


Your Bill Me Later Account Number Ending in: 0653
You Paid: $1958.80

Your Payment Date*: 01/20/2014
Your Payment Confirmation Number: 579471890749681597

Don't forget, Bill Me Later is the perfect way to shop when you want more time to pay for the stuff you need. Plus, you can always find great deals and discounts at over 1000 stores. Watch this short, fun video to learn more.

*NOTE: If your payment date is Saturday, or a holiday, it will take an additional day for the payment to appear on your account. However, you will be credited for the payment as of the payment date.

This email attachment, "", contains the virus file "PP_03357442.exe". This is the file that will infect your computer if you open it. The cybercriminals may change the name of this file.

Very importantly, the attachment looks like an Adobe Acrobat Read document, which will trick a lot of persons into clicking on it.

BillMeLater Virus Attachment Disguised as a PDF document

So, because the file looks like an Adobe Acrobat Read document it doesn’t mean that it is.

When we scanned this file, the following threats were detected:

  • PE:Malware.FakePDF@CV!1.9C28
  • TROJ_GEN.F0D1H00AK14

Once your computer has become infected with this malicious Trojan horse, cybercriminals behind this email message will be able to access and take control of your computer remotely from anywhere around the world. They may spy on you, use your computer to commit cybercrimes, or steal your personal and financial information.

Now, if you have already opened the malicious “PP_03357442.exe”, please do a full scan of your computer with the antivirus software installed on it.

If you don’t have antivirus software installed on your computer, please click here for a list of free antivirus software.

Never open an attachment that has a name ending with “.exe”, because these are computer programs that can infect your computer with a virus or some other malware.

For a list of email attachments that you should not open, please click here.

Please share with us what you know or ask a question about this article, by leaving a comment below. And, forward malicious email messages to us using the following email address: .

Tell us if you LIKE this article by clicking the following thumbs-up, or click the thumbs-down if you dislike it:

       Rating - Thumb up          Rating - Thumb down 0   
Alert and help your family and friends by sharing this article with them:
Submit Your Comment or Question

Submit your comment or question in the box below to share what you know or to get answers about this article.

CommentComments or Questions (0)