Payment request from Colt Defence phishing scam
These spambastards are at it again! I have just started receiving phishing emails with the subject line payment request from “Colt Defense”. I suspect there will be lots of payment request from “add company name here” emails in the next few days, so if you receive a phishing email with a similar subject line and a zip file attached, DON’T OPEN THE ZIP FILE!
The email details:
Subject Line - payment request from “Colt Defense”
From: Customer Support [message6232276id@bankmailingsystem.com]
Attachment: module.zip [16KB]
We recorded a payment request from “Colt Defense” to enable the charge of $58.98 on your account.
The payment is pending for the moment.
If you made this transaction or if you just authorize this payment, please ignore or remove this email message. The transaction will be shown on your monthly statement as “Colt Defense”.
If you didn’t make this payment and would like to decline it, please download and install the transaction inspector module (attached to this letter).
Don’t open the zip file - simply delete the email. If you have a couple of minutes to add a comment to let us know if you received one from Colt Defence, or from another company, we’d be grateful for your time.
Update: Readers have contacted us about more payment request phishing emails that use different company names. The ones we are aware of are listed below:
payment request from “Alexander & Baldwin”
payment request from “KPMG”
payment request from “Goodyear tire and rubber Company”
payment request from “Visa Inc.”
payment request from “Control Data Corporation”
payment request from “Silicon Graphics”
payment request from “Applebee’s”
payment request from “Bearing Point”
payment request from “Doculabs”
payment request from “Eastman Chemical Company”
payment request from “Burger King Corporation”
payment request for “Verizon Wireless”
payment request for “Johnson Controls”
payment request from “Procter & Gamble”
payment request from “Alliant Techsystems”
payment request from “Martin Marietta Materials”
payment request from “NCR Corporation”
(There are so many coming in, I can’t keep adding them to this article, but all the comments have them listed below).
If you have more examples, please let us know.
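A detection sketch for the pattern described above, added here as an example (not code from this blog): it matches the parts of the message that stay the same across variants (subject template, install lure, zip attachment) rather than the company name, amount or sender. The function names, trait labels and the sample message are assumptions constructed for illustration.

```python
import re
from email import message_from_bytes, policy
from email.message import EmailMessage

# Traits that stay constant across the reported variants; company, amount and
# sender address change from message to message, so they are not matched.
SUBJECT_RE = re.compile(r'^payment\s+request\s+(?:from|for)\s*["“].+["”]\s*$', re.I)
BODY_RE = re.compile(r"download\s+and\s+install\s+the\s+transaction\s+inspector\s+module", re.I)
AMOUNT_RE = re.compile(r"enable\s+the\s+charge\s+of\s+\$\d+\.\d{2}", re.I)

def campaign_traits(raw: bytes) -> list[str]:
    """Return the names of the campaign traits found in one raw RFC 5322 message."""
    msg = message_from_bytes(raw, policy=policy.default)
    hits = []
    if SUBJECT_RE.match(msg.get("Subject", "")):
        hits.append("subject-template")
    body = msg.get_body(preferencelist=("plain", "html"))
    text = body.get_content() if body else ""
    if BODY_RE.search(text):
        hits.append("install-lure")
    if AMOUNT_RE.search(text):
        hits.append("charge-line")
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").lower()
        if name.endswith(".zip") or part.get_content_type() == "application/zip":
            hits.append("zip-attachment")
            break
    return hits

def is_campaign(raw: bytes) -> bool:
    # Flag only when a zip is attached AND the subject template or lure matches.
    hits = set(campaign_traits(raw))
    return "zip-attachment" in hits and bool(hits & {"subject-template", "install-lure"})

def build_sample(company: str, amount: str, with_zip: bool = True) -> bytes:
    """Constructed test message modelled on the email text quoted in this post."""
    m = EmailMessage()
    m["From"] = "Customer Support <sender@example.invalid>"  # placeholder address
    m["Subject"] = f"payment request from “{company}”"
    m.set_content(
        f"We recorded a payment request from “{company}” to enable the charge "
        f"of ${amount} on your account.\nIf you didn’t make this payment and would "
        "like to decline it, please download and install the transaction "
        "inspector module (attached to this letter).\n"
    )
    if with_zip:  # placeholder bytes, not a real archive
        m.add_attachment(b"constructed placeholder", maintype="application",
                         subtype="zip", filename="module.zip")
    return m.as_bytes()
```

Feeding `build_sample("Colt Defense", "58.98")` to `campaign_traits` returns all four trait labels; the same message without the attachment is not flagged by `is_campaign`.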
29 Responses to “Payment request from Colt Defence phishing scam”
November 17th, 2009 at 5:00 pm
I just received one for over 8K from
Customer Support [noreply@bankreport.com]
same exact message.
November 17th, 2009 at 7:14 pm
I received the same e-mail but from two different companies.
payment request from “Silicon Graphics”
payment request from “Applebee’s”
Thanks!
November 17th, 2009 at 7:32 pm
Received identical payment request email from “Control Data Corporation” saying I enabled a charge of $68.17 on my account. So irritating.
November 17th, 2009 at 8:29 pm
Just received something similar. Got the following:
Subject: payment request from “Visa Inc.”
We recorded a payment request from “Visa Inc.” to enable the charge of $92.84 on your account.
The payment is pending for the moment.
If you made this transaction or if you just authorize this payment, please ignore or remove this email message. The transaction will be shown on your monthly statement as “Visa Inc.”.
If you didn’t make this payment and would like to decline it, please download and install the transaction inspector module (attached to this letter).
November 17th, 2009 at 8:56 pm
I received exactly the same from “Goodyear tire and rubber Company”
November 17th, 2009 at 9:03 pm
Just received email subject line: payment request from “KPMG”
We recorded a payment request from “KPMG” to enable the charge of $499.03 on your account.
The payment is pending for the moment.
If you made this transaction or if you just authorize this payment, please ignore or remove this email message. The transaction will be shown on your monthly statement as “KPMG”.
If you didn’t make this payment and would like to decline it, please download and install the transaction inspector module (attached to this letter).
This is a new version of the Colt email
November 17th, 2009 at 10:14 pm
Received one entitled “payment request from “Alexander & Baldwin”
Sneaky since that’s a real company.
November 18th, 2009 at 9:56 am
We recorded a payment request from “Procter & Gamble” to enable the charge of $3463.81 on your account.
The payment is pending for the moment.
If you made this transaction or if you just authorize this payment, please ignore or remove this email message. The transaction will be shown on your monthly statement as “Procter & Gamble”.
If you didn’t make this payment and would like to decline it, please download and install the transaction inspector module (attached to this letter).
This received today….from the same people.
November 18th, 2009 at 10:33 am
I’ve had three this morning:
payment request from “Burger King Corporation” for $4536.42
payment request for “Verizon Wireless” for $1938.75
payment request for “Johnson Controls” for $74.33
November 18th, 2009 at 11:19 am
Just received one: payment request from “New Balance”
November 18th, 2009 at 11:49 am
Had another two, that’s five today:
payment request from “AT&T” charge of $579.05
payment from “Zappos” charge of $048.61
Not one of the requests are for UK companies where I am based
I know the feeling Mike, they are still coming thick and fast, just had another one:
payment request from “HDC Surveys”. BM
November 18th, 2009 at 12:19 pm
Below was received this morning;
Customer Support [message29829id@bankmailing.com]
We recorded a payment request from “Zapata” to enable the charge of $8377.24 on your account.
The payment is pending for the moment.
If you made this transaction or if you just authorize this payment, please ignore or remove this email message. The transaction will be shown on your monthly statement as “Zapata”.
If you didn’t make this payment and would like to decline it, please download and install the transaction inspector module (attached to this letter).
November 18th, 2009 at 12:28 pm
The latest: payment request from “ACN Inc” - payment request from “DuPont” - payment request from “Cognizant Technology Solutions”.
November 18th, 2009 at 4:10 pm
Had multiples today (18th Nov 2009)
All from “Customer Support” (varied source IP / addresses)
“Kurzweil Educational Systems” to enable the charge of $74.59
“Belkin” to enable the charge of $684.24
“Beazer Homes USA” to enable the charge of $99.36
“Chrysler” to enable the charge of $2021.79
“American Eagle Outfitters” to enable the charge of $245.15
November 18th, 2009 at 7:55 pm
I think you’ll be more interested in the host header info. I get the same emails.
Microsoft Mail Internet Headers Version 2.0
Received: from mvx-200-142-118-184.mundivox.com ([200.142.118.184]) by mail.wcwinc.us with Microsoft SMTPSVC(6.0.3790.3959);
Wed, 18 Nov 2009 14:04:38 -0500
Received: from 200.142.118.184 by ns.microscopy.com; Wed, 18 Nov 2009 17:04:08 -0300
Date: Wed, 18 Nov 2009 17:04:08 -0300
From: "Customer Support"
X-Mailer: The Bat! (v2.00.3) Educational
Reply-To: trilogyt6@sparc5.microscopy.com
X-Priority: 3 (Normal)
Message-ID:
To: bob.nesbitt@wcwinc.us
Subject: payment request from "Baker Hughes"
MIME-Version: 1.0
Content-Type: multipart/mixed;
boundary="----------149E1B42BD8901D"
Return-Path: trilogyt6@sparc5.microscopy.com
X-OriginalArrivalTime: 18 Nov 2009 19:04:39.0161 (UTC) FILETIME=[FA394E90:01CA6881]
------------149E1B42BD8901D
Content-Type: text/plain; charset=iso-8859-1
Content-Transfer-Encoding: 7bit
------------149E1B42BD8901D
Content-Type: application/zip; name="module.zip"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="module.zip"
------------149E1B42BD8901D--
November 18th, 2009 at 11:24 pm
I’ve just received three e-mails identical to the ones you describe, all headed “Customer Support” with the following companies mentioned:
payment request from “Benchmark Electronics”
payment request from “KBR”
payment request from “Journal Communications”
regards
Tom Mann
November 19th, 2009 at 11:02 am
New variant of phishing virus - titled
‘We recorded a payment request from “Sterling Commerce”‘ with module.zip attachment
November 19th, 2009 at 5:21 pm
Received the same scam saying they were from pepsi cola and were charging my account. My antivirus program caught and deleted it quick.
November 19th, 2009 at 8:51 pm
I have received these emails about “cartoon network” “dish network” “border group” “AMR” “conocophillips” and “ariba”
November 20th, 2009 at 8:13 pm
One of the attorneys for whom I work has been receiving these all week. His follow the pattern described above, using Cisco Systems, Inc. as the company name.
November 21st, 2009 at 1:54 am
Anything with a zip file and you don’t know the sender…delete delete delete!
December 5th, 2009 at 9:53 am
“hello,
This is about online payment.There is a massive change underway in the mobile media market as it becomes unshackled from the operators’ portals that have dominated it for a decade, all without having made any significant inroads into the content use of mobile users. The new capped data packages, fuelled by further competition, will see a total revamp of the mobile media market. It will no longer be based on portals but on direct services by content and services providers via open source phones and mobile-friendly Internet-based services. The next step is the continued emergence of m-commerce and in particular m-payment services.
regards
hazz.hazz”
January 23rd, 2010 at 9:28 am
Should also add Hyland Software to the list of companies. (what a total bunch of tossers these people are!)
March 11th, 2010 at 7:41 pm
Very good blog, Thanks for sharing! Just discovered this inspiring quote and wish to share - “Success is 99 percent failure.” Have a wonderful day!
Thanks Emma, I have a quote for you as well - “Stop trying to spam my blog you moronic spam bastard!” Attributed to the Big Man, this morning.
April 8th, 2010 at 11:31 am
Between me and my husband we’ve owned more MP3 players over the years than I can count, including Sansas, iRivers, iPods (classic & touch), the Ibiza Rhapsody, etc. But, the last few years I’ve settled down to one line of players. Why? Because I was happy to discover how well-designed and fun to use the underappreciated (and widely mocked) Zunes are.
I think you’re leaving a comment on the wrong blog item, Hanken, this has bugger-all to do with Zunes! If your intention was to leave a spam comment, here’s a wee tip - remember to add a link to your post………… Not that I would have included it anyway!
BM

November 17th, 2009 at 6:26 pm
My payment request phishing email was from Bearing Point for $887.39! And completely freaked me out.
Thanks for your info, I will delete email immediately.
Nov. 17, 2009