Unpaid Invoice Notification - Malicious Email that Links to Angler Exploit
The fake email message below with the subject: "Unpaid Invoice Notification" or with other subject lines, has a link to malicious websites hosting the Angler Exploit Toolkit. The fake message was designed to trick the recipients into clicking on the link in the message, by claiming they have unpaid bills and they must pay or else legal action will be taken against them.
The Angler Exploit is an attack toolkit that allows the remote attacker to perform various malicious actions on a compromised computer.
The Fake and Malicious Email
From: Christie Foley [christie.foley @badinsky.sk]
Date: 16 September 2014 13:55
Subject: Unpaid invoice notificationWe are writing to you about fact, despite previous reminders, there remains an outstanding amount of GBP 278.59 in respect of the invoice(s) contained in current letter . This was due for payment on 26 August, 2014.
Our credit terms stipulate full payment within 3 days and this amount is now more than 14 days overdue.The total amount due from you is therefore GBP 308.43
If the full amount of the sum outstanding, as set above, is not paid within 7 days of the date of this email, we shall have to begin legal action, without warning, for a court order requiring payment. We may also commence insolvency proceedings. Legal proceedings can take effect on any credit rating. The costs of legal proceedings and any other amounts which the court orders must also be paid in addition to the debt.
This email is being sent to you according to the Practice Direction on Pre-Action Conduct (the PDPAC) contained in the Civil Procedure Rules, The court has the power to sanction your continuing decline to respond.
To view the the original invoice please follow link
We immediate answer to this email.
Sincerely, Christie Foley.
The security and confidentiality of your personal information is important for us. If you have any questions, please either call the toll-free customer service phone number.
© 2014, All rights reserved
This email message may come with different subject lines. Here are some other subject lines:
- [IMPORTANT] Invoice overdue notification
- [IMPORTANT] Invoice overdue
- [IMPORTANT] Recent invoice unpaid
- [IMPORTANT] Unpaid invoice notification
- Last letter before commencing legal action
If the recipients click on the malicious link in the email message, they will be taken to the malicious websites below hosting the malicious Angler Exploit Toolkit:
- tiragreene.com/aspnet_client/system_web/ 4_0_30319/invoice_unn.html
- 108.174.58 .239:8080/ wn8omxftff
- 109.232.105 .106:8080/ xolbnl9ehz
The toolkit will check the recipients' computers for vulnerabilities, and if any is found, will attack and infect the computers by taking advantage of the outdated or unpatched software on the recipients' computers.
Once their computers have become infected with this malicious Trojan horse, the cybercriminals behind this email message will be able to access and take control of their computers remotely from anywhere around the world. They may spy on them, use their computers to commit cybercrimes, or steal their personal and financial information.
Now, if you have already clicked on the link in the malicious email message, please do a full scan of your computer with the antivirus software installed on it.
If you don’t have antivirus software installed on your computer, please click here for a list of free antivirus software.
For a list of other malicious email messages, please click here.
Check the comment section for additional information, or share what you know or ask a question about this article, by clicking the 'View or Write Comment' button below.
Note: Some of the information in samples on this website may have been impersonated or spoofed.