Unpaid Invoice Notification - Malicious Email that Links to Angler Exploit

Unpaid Invoice Notification - Malicious Email that Links to Angler Exploit

The fake email message below with the subject: "Unpaid Invoice Notification" or with other subject lines, has a link to malicious websites hosting the Angler Exploit Toolkit. The fake message was designed to trick the recipients into clicking on the link in the message, by claiming they have unpaid bills and they must pay or else legal action will be taken against them.

The Angler Exploit is an attack toolkit that allows the remote attacker to perform various malicious actions on a compromised computer.

The Fake and Malicious Email

From: Christie Foley [christie.foley @badinsky.sk]
Date: 16 September 2014 13:55
Subject: Unpaid invoice notification

We are writing to you about fact, despite previous reminders, there remains an outstanding amount of GBP 278.59 in respect of the invoice(s) contained in current letter . This was due for payment on 26 August, 2014.

Our credit terms stipulate full payment within 3 days and this amount is now more than 14 days overdue.The total amount due from you is therefore GBP 308.43

If the full amount of the sum outstanding, as set above, is not paid within 7 days of the date of this email, we shall have to begin legal action, without warning, for a court order requiring payment. We may also commence insolvency proceedings. Legal proceedings can take effect on any credit rating. The costs of legal proceedings and any other amounts which the court orders must also be paid in addition to the debt.

This email is being sent to you according to the Practice Direction on Pre-Action Conduct (the PDPAC) contained in the Civil Procedure Rules, The court has the power to sanction your continuing decline to respond.

To view the the original invoice please follow link

We immediate answer to this email.

Sincerely, Christie Foley.

The security and confidentiality of your personal information is important for us. If you have any questions, please either call the toll-free customer service phone number.

© 2014, All rights reserved

This email message may come with different subject lines. Here are some other subject lines:

  • [IMPORTANT] Invoice overdue notification
  • [IMPORTANT] Invoice overdue
  • [IMPORTANT] Recent invoice unpaid
  • [IMPORTANT] Unpaid invoice notification
  • Last letter before commencing legal action

If the recipients click on the malicious link in the email message, they will be taken to the malicious websites below hosting the malicious Angler Exploit Toolkit:

  • tiragreene.com/aspnet_client/system_web/ 4_0_30319/invoice_unn.html
  • 108.174.58 .239:8080/ wn8omxftff
  • 109.232.105 .106:8080/ xolbnl9ehz

The toolkit will check the recipients' computers for vulnerabilities, and if any is found, will attack and infect the computers by taking advantage of the outdated or unpatched software on the recipients' computers.

Once their computers have become infected with this malicious Trojan horse, the cybercriminals behind this email message will be able to access and take control of their computers remotely from anywhere around the world. They may spy on them, use their computers to commit cybercrimes, or steal their personal and financial information.

Now, if you have already clicked on the link in the malicious email message, please do a full scan of your computer with the antivirus software installed on it.

If you don’t have antivirus software installed on your computer, please click here for a list of free antivirus software.

For a list of other malicious email messages, please click here.

Check the comment section below for additional information, share what you know, or ask a question about this article by leaving a comment below. And, to quickly find answers to your questions, use our search Search engine.

Note: Some of the information in samples on this website may have been impersonated or spoofed.
Was this article helpful?  +
Share this with others:

Comments, Questions, Answers, or Reviews

There are no comments as yet, please leave one below or revisit.

To protect your privacy, please remove sensitive information from your comments, questions, or reviews. We will use your IP address to display your approximate location to other users when you make a post. That location is not enough to find you.

Your post will be set as anonymous because you are not signed in. An anonymous post cannot be edited or deleted, therefore, review it carefully before posting. Sign-in.

Write Your Comment, Question, Answer, or Review

Unpaid Invoice Notification - Malicious Email that Links to Angler Exploit