Fake Credit Card Overdue Emails Distribute Scareware

Security researchers warn that wave of fake emails posing as overdue credit card bill notifications distribute scareware programs.

The campaign was spotted by experts from M86 Security who note that the rogue messages don't mention any particular credit card brand or bank in an attempt to entice more victims.

The messages purport to come from a "Notification robot" and bear a subject of "Credit Card Overdue." The body text reads:

"Dear client, Your Credit Card is one-week overdue. Below is your Card Information [customer number], [card limit], [pay date].

"Attached is Your Credit Card Statement, if You pay the debt within 2 days, there will be no extra-charges. In 2 days $25 late fee and a finance charge will be imposed on your account.

"If You have any questions, do not hesitate to contact us."

The use of capitalized You throughout the text and other mistakes suggests that this spam run is the work of a non-English speaker, however, some recipients might not immediately realize this.

The attachment is called "Customer details.zip" and contains an executable file with the same name and an Adobe PDF icon.

The file is actually a trojan downloader which, if executed, installs a piece of scareware called Windows XP Repair. Victims are then prompted with a fake HDD error which asks them to reboot their computer.

After restart, the rogue program displays a fake PC performance and stability scan and claims to identify multiple problems with the system. They are obviously fake, but attempting to fixing any of them prompts users to acquire a license.

"Spammers are constantly inventing new social engineering themes in an effort to distribute their malware. Targeting credit card holders, especially in this tough economy, is just another theme in their portfolio," the M86 researchers note.

Users should exercise caution when dealing with email attachments. All such files should be scanned with multiple antivirus engines before opening them in order to determine if they are infected. Services like VirusTotal.com can help with that.