Many companies are expanding their operations online, which makes things a whole lot more convenient for the consumer. For example, instead of sending physical bills, mobile operators can just email you an online statement of account.
Unfortunately, cyber criminals are catching on to this and have decided to take advantage of it for their scams. The latest are these AT&T bill notifications that are making the rounds on the web, which basically inform customers that their bills are ready to be viewed online. As expected, the links point to a malicious website that's hosting the Blackhole exploit kit.
The email's subject reads: "Your online bill is ready to be viewed." The email says:
Any payment complaint after your bill period expires will not be shown in the bill amount listed directly bellow. If you have made any recent payment, please refer to the current balance of the Account Overview and the Bill & Payments pages.
This is the latest in a line of scams that will hijack your PC and make it part of a botnet if the Blackhole kit runs on your system.
Here are a couple of other scams that you should watch out for, all of which make use of the Blackhole exploit kit:
Bogus BancorpSouth Emails. These emails inform recipients that their online banking transaction passwords have been changed. The links point to a series of sites that eventually lead to the Blackhole exploit kit.
Classmates.com's Fake Reunions. The emails appear to be invitations for you to join your classmates online, and they're based on the real Classmates.com emails, which makes them harder to identify as scams.
Craigslist Post/Edit/Delete Emails. Post any ads lately? Then you're going to be more susceptible to these scams, which are patterned after the emails from Craigslist. But once again, they're fake and will only lead you to sites that push malware.
Fake PayPal Notifications. Did you get an email that said someone just sent you some money on PayPal? Contrary to what you might think at first, it's not your lucky day. You won't be cashing anything out, but you'll instead end up with an infected PC if you fall for this dirty trick.
Fake Anti-Virus Programs Pushed on Twitter. Scams like these don't just exist in email form. They've also taken over Twitter, where compromised user accounts are used to spread links to 'free' anti-virus software that doesn't contain the promised program but will instead lead people to the Blackhole exploit kit.