Thank You for Scheduling a Payment to Bill Me Later - PayPal Virus Email

Thank You for Scheduling a Payment to Bill Me Later - PayPal Virus Email

Would you share this article with others to help inform them?

The email message below: "Thank you for scheduling a payment to Bill Me Later," which claims that the recipient made a payment online of $1958.80 (the amount may change), and it was applied his/her account, is a fake. This email message was not sent by PayPal BillMeLater, but by cybercriminals, whose intention is to trick the recipients into opening the malicious attachment, which will infect their computers with a virus or Trojan.

The Malicious Email: Thank you for scheduling a payment to Bill Me Later

BillMeLater Virus Email Message
Dear Customer,

Thank you for making a payment online! We've received your Bill Me Later® payment of $1958.80 and have applied it to your account.

For more details please check attached file


Your Bill Me Later Account Number Ending in: 0653
You Paid: $1958.80

Your Payment Date*: 01/20/2014
Your Payment Confirmation Number: 579471890749681597

Don't forget, Bill Me Later is the perfect way to shop when you want more time to pay for the stuff you need. Plus, you can always find great deals and discounts at over 1000 stores. Watch this short, fun video to learn more.

*NOTE: If your payment date is Saturday, or a holiday, it will take an additional day for the payment to appear on your account. However, you will be credited for the payment as of the payment date.

This email attachment, "PP_03357442.zip", contains the virus file "PP_03357442.exe". This is the file that will infect your computer if you open it. The cybercriminals may change the name of this file.

Very importantly, the attachment looks like an Adobe Acrobat Read document, which will trick a lot of persons into clicking on it.

BillMeLater Virus Attachment Disguised as a PDF document

So, because the file looks like an Adobe Acrobat Read document it doesn’t mean that it is.

When we scanned this file, the following threats were detected:

  • PE:Malware.FakePDF@CV!1.9C28
  • TROJ_GEN.F0D1H00AK14

Once your computer has become infected with this malicious Trojan horse, cybercriminals behind this email message will be able to access and take control of your computer remotely from anywhere around the world. They may spy on you, use your computer to commit cybercrimes, or steal your personal and financial information.

Now, if you have already opened the malicious “PP_03357442.exe”, please do a full scan of your computer with the antivirus software installed on it.

If you don’t have antivirus software installed on your computer, please click here for a list of free antivirus software.

Never open an attachment that has a name ending with “.exe”, because these are computer programs that can infect your computer with a virus or some other malware.

For a list of email attachments that you should not open, please click here.

Note: Some of the names, addresses, email addresses and telephone numbers in email samples on this website may have been impersonated.

Please share what you know or ask a question about this article by leaving a comment below. Also, check the comment section below for additional information, if there is any.

Remember to forward suspicious, malicious, or phishing email messages to us at the following email address: info@onlinethreatalerts.com

Also, report missing persons, scams, untrustworthy, or fraudulent websites to us. Tell us why you consider the websites untrustworthy or fraudulent.

If you want to quickly find answers to your questions, use our search engine.

You can help maintain Online Threat Alerts by paying a service fee. Click here to make payment.

Comments, Questions, Answers, or Reviews
(Total: 0)

To help protect your privacy, please do not post or remove, your full name, telephone number, email address, username, password, account number, credit card information, home address or other sensitive information in or from your comments, questions, or reviews. Also, anonymous posts cannot be deleted or edited, and when you make a post, we will use your IP address to display your approximate location to other users.

Write Your Comment, Question, Answer, or Review
Write your comment, question or review in the box below to share what you know or to get answers. Please revisit after an hour or more to view reponses or answers to you questions.

Your comment, question or review will be posted as an anonymous user because you are not signed in. Sign-in.

Thank You for Scheduling a Payment to Bill Me Later - PayPal Virus Email