Sponsored by..

Tuesday, 16 September 2014

"Unpaid invoice notification" spam leads to Angler Exploit Kit

This convincing-looking but fake spam leads to an exploit kit.

From:     Christie Foley [christie.foley@badinsky.sk]
Reply-to:     Christie Foley [christie.foley@badinsky.sk]
Date:     16 September 2014 13:55
Subject:     Unpaid invoice notification

We are writing to you about fact, despite previous reminders, there remains an outstanding amount of GBP 278.59 in respect of the invoice(s) contained in current letter . This was due for payment on 26 August, 2014.
    Our credit terms stipulate full payment within 3 days and this amount is now more than 14 days overdue.The total amount due from you is therefore GBP 308.43

    If the full amount of the sum outstanding, as set above, is not paid within 7 days of the date of this email, we shall have to begin legal action, without warning, for a court order requiring payment. We may also commence insolvency proceedings. Legal proceedings can take effect on any credit rating. The costs of legal proceedings and any other amounts which the court orders must also be paid in addition to the debt.

    This email is being sent to you according to the Practice Direction on Pre-Action Conduct (the PDPAC) contained in the Civil Procedure Rules, The court has the power to sanction your continuing decline to respond.

To view the the original invoice please follow link

  We immediate answer to this email.

Sincerely, Christie Foley.

The security and confidentiality of your personal information is important for us. If you have any questions, please either call the toll-free customer service phone number.
© 2014, All rights reserved

The link in the email goes to:
[donotclick]tiragreene.com/aspnet_client/system_web/4_0_30319/invoice_unn.html

Which in turn goes to an Angler EK landing page at:
[donotclick]108.174.58.239:8080/wn8omxftff

You can see the URLquery report for the EK here. I would strongly recommend blocking web traffic to 108.174.58.239 (ColoCrossing, US).

UPDATE 2014-09-17:

A second round of these is doing the rounds, leading to an exploit kit on [donotclick]109.232.105.106:8080/xolbnl9ehz (report) so I also recommend blocking 109.232.105.106 (Thyphone Communications, Russia)

The content of the email is essentially the same, but the subject and sender vary. Here are some examples:

[IMPORTANT] Invoice overdue notification
[IMPORTANT] Unpaid invoice notification
Last letter before commencing legal action
[IMPORTANT] Invoice overdue

[IMPORTANT] Recent invoice unpaid

Carmelo Erickson
Rosie Robertson
Tabitha Patterson
Phil Bates

Luisa Maso



8 comments:

Unknown said...

We are writing to you about fact, despite previous reminders, there remains an outstanding amount of GBP 280.80 in respect of the invoice(s) contained in this email . This was due for payment on 31 August, 2014.
Our credit terms stipulate full payment within 3 days and this amount is now 14 days overdue.The total amount due from you is therefore GBP 316.84

If the full amount of the sum outstanding, as set above, is not paid within 7 days of the date of this email, we will begin legal action, without warning, for a court order requiring payment. We may also commence insolvency proceedings. Legal proceedings can affect any credit rating. The costs of legal proceedings and any other amounts which the court orders must also be paid in addition to the debt.

This email is being sent to you according to the Practice Direction on Pre-Action Conduct (the PDPAC) contained in the Civil Procedure Rules, The court has the power to sanction your continuing failure to respond.

To view the the original invoice please follow link
We await fast answer to this email.
Regards, Natasha Roth.

Unknown said...

A new name to the list:
Natasha Roth

mow the lawn said...

Got one as well.
Another name is Martina Sargent.

1085255868 said...

Got an e-mail as well, Another name - Mandy Tanner

Ihatespammers said...

And another: Thelma Hensley

Unknown said...
This comment has been removed by the author.
allyt said...

I have received one from "Hilton Russell" for "outstanding amount of GBP 270.82 in respect of the invoice(s) contained in this letter . This was due for payment on 26 September, 2014.
Our credit terms stipulate full payment within 3 days and this amount is now 14 days overdue.The total amount due from you is therefore GBP 372.70"

Has zip file attached

BWake said...

Another name
We are writing to you about fact, despite previous reminders, there = remains an outstanding amount of USD 5920,96 in respect of the =
invoice(s) contained in this letter. This was due for payment on 25 = April, 2016.

Our credit terms stipulate full payment within 3 days and this amount is = now more than 14 days overdue.
The total amount due from you is therefore USD 5920,96

If the full amount of the sum outstanding, as set above, is not paid = within 7 days of the date of this email, we shall have to begin legal = action, without warning, for a court order requiring payment. We may = also commence insolvency proceedings. Legal proceedings may take affect = on any credit rating. The costs of legal proceedings and any other = amounts which the court orders must also be paid in addition to the = debt.

This email is being sent to you according to the Practice Direction on = Pre-Action Conduct (the PDPAC) contained in the Civil Procedure Rules, = The court has the power to sanction your continuing decline to respond.

To view the the original invoice in the attachment please use Adobe = Reader.

We await your prompt reaction to this email.

Yours sincerely,

Zachary Huffman

Continental Materials Corporation
1(369)218-1106 Ext: 317
1(369) 375-8272