Phishing Alert: Fake Citibank Email Claiming to be Billing Statement Entices Users to Open Harmful ZIP Attachment

Friday, May 3, 2013

Computing Services and Systems Development (CSSD) is responding to another email phishing scam being received by members of the University community. The email claims to contain a "merchant billing statement" as an attached zip file.

The zip file contains harmful software. Do not open it. Phishing scammers have recently been using encrypted zip files to deliver malicious files via email because it helps bypass anti-virus programs that scan zip files.

If you receive this message (or any message similar to it), delete it without replying, opening any attachments, or clicking on any links within the emails. The following is a sample of the recent fraudulent email:

* * * * * * * * * * * * * * * * SAMPLE * * * * * * * * * * * * * * *

Subject: Merchant Statement
From: Paymentech Statement

Attached is your Citibank Paymentech electronic Merchant Billing Statement. If you need assistance, please contact your Account Executive or call Merchant Services at the telephone number listed on your statement. PLEASE DO NOT RESPOND BY USING REPLY. This email is sent from an unmonitored email address, and your response will not be received by Citibank Paymentech. Citibank Paymentech will not be responsible for any liabilities that may result from or relate to any failure or delay caused by Citibank Paymentech's or the Merchant's email service or otherwise. Citibank Paymentech recommends that Merchants continue to monitor their statement information regularly. ---------- Learn more about Citibank Paymentech Solutions, LLC payment processing services at [web address removed]. ---------- THIS MESSAGE IS CONFIDENTIAL. This e-mail message and any attachments are proprietary and confidential information intended only for the use of the recipient(s) named above. If you are not the intended recipient, you may not print, distribute, or copy this message or any attachments. If you have received this communication in error, please notify the sender by return e-mail and delete this message and any attachments from your computer.

* * * * * * * * * * * * * * END SAMPLE* * * * * * * * * * * * * *

CSSD strongly recommends that you do not reply to unsolicited emails or emails from unverifiable sources. Avoid clicking on links contained in such emails, as these may lead to sites that contain harmful software. If a link looks suspicious, you can hover over the link with your mouse to preview the URL without clicking on it.

In addition, CSSD recommends that all users install Symantec Endpoint Protection software and use the LiveUpdate feature to get the latest virus definitions. Symantec Endpoint Protection can be downloaded at no cost through the Software Download Service at My Pitt (my.pitt.edu).


Get Help