Fraudulent Payment Receipts Continue to Target Users

Summary

Users continue to receive emails referencing payment receipts for anti-virus solutions they did not purchase. Unlike from invoice scams, these emails do not request payment but rather claim that a payment has already been made. The user is instructed to contact the company via the included phone number to manage or cancel their subscription. Those who call the “cancellation department” will likely be asked to verify their payment card or banking account information in order to cancel their subscription and be refunded. If provided, the threat actors behind the phishing campaign steal the user’s financial information, which can be used to pilfer their funds and make fraudulent purchases. The techniques used in this and similar scams may increase the threat actors’ success rate as users are often more likely to attempt to receive a refund if they believe they have been charged erroneously.

Recommendations

The NJCCIC recommends users educate themselves and others on this and similar cyber threats. Users are advised to refrain from initiating contact in response to unsolicited or unexpected emails and, instead, call the referenced organization via the phone number found on their official website to dispute charges. Additionally, do not provide bank account or payment card information by telephone or email to unverified entities. Users are also encouraged to mark and flag these messages as “spam” or “phishing” via their email client so that the system may better learn how to identify similar fraudulent emails and prevent them from being delivered to end user inboxes.