Credit card one week overdue? Malware disguises itself in spam attack

Filed Under: Malware, Spam

Credit cardHave you received an unexpected email telling you that your credit card is one week overdue, and that you must pay the debt within two days or face additional charges?

Well, don't rush to open the attached file - or your computer could be struck by a malware attack.

The emails, which have been spammed out widely, try to frighten you into opening an attached file called

Overdue credit card malicious email

Dear Customer,

Your Credit Card is one week overdue.
Below your Card information

Customer 0066594169
Card Limit XXXXXX
Pay Date 27 Jun 2011

The details are attached to this e-mail.
Please read the financial statement properly.

If you pay the debt within 2 days, there will be no extra-charges.
In 2 days $25 late fee and a finance charge will be imposed on your account.

Please do not reply to this email, it's automatic mail notification.
Thank you.

Note that the customer number quoted in the email appears to be randomly chosen, so may differ in the emails you receive.

Subject lines which have been used in the malware campaign include "Your financial debt overdue", "Payment by credit card overdue", "Credit Card is one week overdue", "Credit card payment of overstayed", and "Credit card overdue".

If you do make the mistake of opening the attached file, you run the risk of infecting your Windows computer with malware that Sophos detects as Troj/Invo-Zip.

Cybercriminals use social engineering tricks to fool you into making unwise decisions.

Whether it's making you believe that you're about to see a sexy video, win a pair of free air tickets or discover what company has been debiting your credit card, the intention is the same with malware attacks like this - to dupe you into running dangerous code on your computer.

Sophos products intercept the malicious emails as both malware and spam.

, ,

You might like

5 Responses to Credit card one week overdue? Malware disguises itself in spam attack

  1. Hmmm · 1498 days ago

    Next week, Naked Security is renamed "Facebook Scam Warning Service - A service for people who don't know how to spot a simple scam on Facebook and need to be reminded every day that a new scam is available."

  2. sdc11cds · 1498 days ago


    The customer number is the format used in Switzerland for mobile numbers :D

  3. Maria Arenillas · 1492 days ago

    Thanks for this post on malware hidden within email spam. Malware can be hidden in a number of places, including familiar websites, emails and social networks. We advise our users to always have security software to scan emails for potential threats. For free security solutions or to join the discussion on online security, why not pay us a visit at

    Maria Arenillas
    Community Manager at AVG

    • Internaut · 1147 days ago

      Finally! A positive response that doesn't have the author flaming those that are not as educated in the particular field of computer security... even if your response verges on spam.

      It's hard to find positive, helpful, educational, and sensible responses between the "idiots", "brainless", and so on remarks about those who simply are not up to the authors level (thank God).

  4. Tony Fisk · 1014 days ago

    Internaut - Agreed.

    Whilst it is perfectly acceptable to be privately smug about one's own knowledge of the subject, posting it in public just makes the author look a d**k.

    Hubris invites its own reward.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

About the author

Graham Cluley runs his own award-winning computer security blog at, and is a veteran of the anti-virus industry having worked for a number of security companies since the early 1990s. Now an independent security analyst, he regularly makes media appearances and gives computer security presentations. Follow him on Twitter at @gcluley