Payment request from Colt Defence phishing scam

These spambastards are at it again! I have just started receiving phishing emails with the subject line, payment request from “Cold Defense”. I suspect there will be lots of payment request from “add company name here” emails in the next few days, so if you receive a phishing email with a similar subject line, with a zip file attached, DON’T OPEN THE ZIP FILE!

The email details:

Subject Line - payment request from “Colt Defense”

From: Customer Support [message6232276id@bankmailingsystem.com]

Attachment: module.zip [16KB]

We recorded a payment request from “Colt Defense” to enable the charge of $58.98 on your account.

The payment is pending for the moment.

If you made this transaction or if you just authorize this payment, please ignore or remove this email message. The transaction will be shown on your monthly statement as “Colt Defense”.

If you didn’t make this payment and would like to decline it, please download and install the transaction inspector module (attached to this letter).

Don’t open the zip file - simply delete the email. If you have a couple of minutes to add a comment to let us know if you received one from Colt Defence, or from another company, we’d be grateful for your time.

Update: We have received contacts from readers concerning more payment request phishing emails with different companies used - the ones we are aware of have been listed below:

payment request from “Alexander & Baldwin”
payment request from “KPMG”
payment request from “Goodyear tire and rubber Company”
payment request from “Visa Inc.”
payment request from “Control Data Corporation”
payment request from “Silicon Graphics”
payment request from “Applebee’s”
payment request from “Bearing Point”
payment request from “Doculabs”
payment request from “Eastman Chemical Company”
payment request from “Burger King Corporation”
payment request for “Verizon Wireless”
payment request for “Johnson Controls”
payment request from “Procter & Gamble”
payment request from “Alliant Techsystems”
payment request from “Martin Marietta Materials”
payment request from “NCR Corporation”

(There are so many coming in, I can’t keep adding them to this article, but all the comments have them listed below).

If you have more examples, please let us know.

29 Responses to “Payment request from Colt Defence phishing scam”

SAWCO Says:

I just recieved one for over 8K from
Customer Support [noreply@bankreport.com]
same exact message.

Lisa Anderson Says:

Mine payment request phishing email was from Bearing Point for $887.39! And completely freaked me out.
Thanks for your info, I will delete email immediately.
Nov. 17, 2009

Martin Says:

I received the same e-mail but from two different companies.
payment request from “Silicon Graphics”
payment request from “Applebee’s”
Thanks!

C. Ockerse Says:

Received identical payment request email from “Control Data Corporation” saying I enabled a charge of $68.17 on my account. So irritating.

Len Says:

Just received something similar. Got the following:

Subject: payment request from “Visa Inc.”

We recorded a payment request from “Visa Inc.” to enable the charge of $92.84 on your account.

The payment is pending for the moment.

If you made this transaction or if you just authorize this payment, please ignore or remove this email message. The transaction will be shown on your monthly statement as “Visa Inc.”.

If you didn’t make this payment and would like to decline it, please download and install the transaction inspector module (attached to this letter).

Franz Says:

I received exactly the same from “Goodyear tire and rubber Company”

mark Turk Says:

Just recieved email subject line: payment request from “KPMG”
We recorded a payment request from “KPMG” to enable the charge of $499.03 on your account.

The payment is pending for the moment.

If you made this transaction or if you just authorize this payment, please ignore or remove this email message. The transaction will be shown on your monthly statement as “KPMG”.

If you didn’t make this payment and would like to decline it, please download and install the transaction inspector module (attached to this letter).
This is a new version of the Colt email

RJ Louie Says:

Received one entitled “payment request from “Alexander & Baldwin”

Sneaky since that’s a real company.

Jo Says:

We recorded a payment request from “Procter & Gamble” to enable the charge of $3463.81 on your account.

The payment is pending for the moment.

If you made this transaction or if you just authorize this payment, please ignore or remove this email message. The transaction will be shown on your monthly statement as “Procter & Gamble”.

If you didn’t make this payment and would like to decline it, please download and install the transaction inspector module (attached to this letter).

This received today….from the same people.

Mike Says:

I’ve had three this morning:
payment request from “Burger King Corporation” for $4536.42
payment request for “Verizon Wireless” for $1938.75
payment request for “Johnson Controls” for $74.33

Jeffrey Jenner Says:

Just received one: payment request from “New Balance”

Mike Says:

Had another two, thats five today:
payment request from “AT&T” charge of $579.05
payment from “Zappos” charge of $048.61

Not one of the requests are for UK companies where I am based

I know the feeling Mike, they are still coming thick and fast, just had another one:
payment request from “HDC Surveys”. BM

Phil Says:

Below was received this morning;

Customer Support [message29829id@bankmailing.com]

We recorded a payment request from “Zapata” to enable the charge of $8377.24 on your account.

The payment is pending for the moment.

If you made this transaction or if you just authorize this payment, please ignore or remove this email message. The transaction will be shown on your monthly statement as “Zapata”.

If you didn’t make this payment and would like to decline it, please download and install the transaction inspector module (attached to this letter).

The Big Man Says:

The latest: payment request from “ACN Inc” - payment request from “DuPont” - payment request from “Cognizant Technology Solutions”.

Rhonda Says:

Payment request from “McDonald’s Corporation”

Jamie Says:

Had multiples today (18th Nov 2009)
All from “Customer Support” (varied source IP / address’s)

“Kurzweil Educational Systems” to enable the charge of $74.59
“Belkin” to enable the charge of $684.24
“Beazer Homes USA” to enable the charge of $99.36
“Chrysler” to enable the charge of $2021.79
“American Eagle Outfitters” to enable the charge of $245.15

Bob Says:

I think you’ll be more interested in the host header info. I get the same emails.

Microsoft Mail Internet Headers Version 2.0
Received: from mvx-200-142-118-184.mundivox.com ([200.142.118.184]) by mail.wcwinc.us with Microsoft SMTPSVC(6.0.3790.3959);
Wed, 18 Nov 2009 14:04:38 -0500
Received: from 200.142.118.184 by ns.microscopy.com; Wed, 18 Nov 2009 17:04:08 -0300
Date: Wed, 18 Nov 2009 17:04:08 -0300
From: “Customer Support”
X-Mailer: The Bat! (v2.00.3) Educational
Reply-To: trilogyt6@sparc5.microscopy.com
X-Priority: 3 (Normal)
Message-ID:
To: bob.nesbitt@wcwinc.us
Subject: payment request from “Baker Hughes”
MIME-Version: 1.0
Content-Type: multipart/mixed;
boundary=”———-149E1B42BD8901D”
Return-Path: trilogyt6@sparc5.microscopy.com
X-OriginalArrivalTime: 18 Nov 2009 19:04:39.0161 (UTC) FILETIME=[FA394E90:01CA6881]

————149E1B42BD8901D
Content-Type: text/plain; charset=iso-8859-1
Content-Transfer-Encoding: 7bit

————149E1B42BD8901D
Content-Type: application/zip; name=”module.zip”
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename=”module.zip”

————149E1B42BD8901D–

Thomas Mann Says:

I’ve just received three e-mails identical to the ones you describe, all headed “Customer Support” with the following companies mentioned:

payment request from “Benchmark Electronics”
payment request from “KBR”
payment request from “Journal Communications”

regards
Tom Mann

Leigh Johnson Says:

New variant of phishing virus - titled
‘We recorded a payment request from “Sterling Commerce”‘ with module.zip attachment

Jeff Wiley Says:

Recieved the same scam saying they were from pepsi cola and were charging my account. My antivirus program caught and deleted it quick.

jo Says:

I have recieved these emails about “cartoon network” “dish network” “border group” “AMR” “conocophillips” and “ariba”

Wendy Kimbel Says:

One of the attorneys for whom I work has been receiving these all week. His follow the pattern described above, using Cisco Sytems, Inc. as the company name.

Beachbarbarb Says:

Anything with a zip file and you don’t know the sender…delete delete delete!

cli820461277 Says:

“hello,
This is about online payment.There is a massive change underway in the mobile media market as it becomes unshackled from the operators’ portals that have dominated it for a decade, all without having made any significant inroads into the content use of mobile users. The new capped data packages, fuelled by further competition, will see a total revamp of the mobile media market. It will no longer be based on portals but on direct services by content and services providers via open source phones and mobile-friendly Internet-based services. The next step is the continued emergence of m-commerce and in particular m-payment services. 
regards
hazz.hazz”

Neil McN Says:

Should also add Hyland Software to the list of companies. (what a total bunch of tossers these people are!)

Emma Says:

Very good blog, Thanks for sharing! Just discovered this inspiring quote and wish to share - “Success is 99 percent failure.” Have a wonderful day! Thanks Emma, I have a quote for you as well - “Stop trying to spam my blog you moronic spam bastard!” Attributed to the Big Man, this morning.

Einkaufstrolleys Says:

Between me and my husband we’ve owned more MP3 players over the years than I can count, including Sansas, iRivers, iPods (classic & touch), the Ibiza Rhapsody, etc. But, the last few years I’ve settled down to one line of players. Why? Because I was happy to discover how well-designed and fun to use the underappreciated (and widely mocked) Zunes are. I think you’re leaving a comment on the wrong blog item, Hanken, this has bugger-all to do with Zunes! If your intention was to leave a spam comment, here’s a wee tip - remember to add a link to your post………… Not that I would have included it anyway! :) BM

Greg Says:

Today’s was from eBay - $666.10!

Wakana Says:

like greg, i got one from “ebay” and exactly same amount!

Leave a Reply





SEO Blog

SEO Blog

The Big Man's SEO blog is primarily aimed at website owners looking for ethical SEO tips, optimisation advice and who are interested in reading articles and opinions related to search engines, the internet, technology and software.