The email message below: "Thank you for scheduling a payment to Bill Me Later," which claims that the recipient made a payment online of $1958.80 (the amount may change), and it was applied his/her account, is a fake. This email message was not sent by PayPal BillMeLater, but by cybercriminals, whose intention is to trick the recipients into opening the malicious attachment, which will infect their computers with a virus or Trojan.
The Malicious Email: Thank you for scheduling a payment to Bill Me Later
Dear Customer,
Thank you for making a payment online! We've received your Bill Me Later® payment of $1958.80 and have applied it to your account.
For more details please check attached file
Summary:
Your Bill Me Later Account Number Ending in: 0653
You Paid: $1958.80
Your Payment Date*: 01/20/2014
Your Payment Confirmation Number: 579471890749681597
Don't forget, Bill Me Later is the perfect way to shop when you want more time to pay for the stuff you need. Plus, you can always find great deals and discounts at over 1000 stores. Watch this short, fun video to learn more.
*NOTE: If your payment date is Saturday, or a holiday, it will take an additional day for the payment to appear on your account. However, you will be credited for the payment as of the payment date.
This email attachment, "PP_03357442.zip", contains the virus file "PP_03357442.exe". This is the file that will infect your computer if you open it. The cybercriminals may change the name of this file.
Very importantly, the attachment looks like an Adobe Acrobat Read document, which will trick a lot of persons into clicking on it.
So, because the file looks like an Adobe Acrobat Read document it doesn’t mean that it is.
When we scanned this file, the following threats were detected:
- PE:Malware.FakePDF@CV!1.9C28
- TROJ_GEN.F0D1H00AK14
Once your computer has become infected with this malicious Trojan horse, cybercriminals behind this email message will be able to access and take control of your computer remotely from anywhere around the world. They may spy on you, use your computer to commit cybercrimes, or steal your personal and financial information.
Now, if you have already opened the malicious “PP_03357442.exe”, please do a full scan of your computer with the antivirus software installed on it.
If you don’t have antivirus software installed on your computer, please click here for a list of free antivirus software.
Never open an attachment that has a name ending with “.exe”, because these are computer programs that can infect your computer with a virus or some other malware.
For a list of email attachments that you should not open, please click here.