Credit card one week overdue? Malware disguises itself in spam attack

Credit cardHave you received an unexpected email telling you that your credit card is one week overdue, and that you must pay the debt within two days or face additional charges?

Well, don’t rush to open the attached file – or your computer could be struck by a malware attack.

The emails, which have been spammed out widely, try to frighten you into opening an attached file called Report#113.zip.

Overdue credit card malicious email

Sign up to our free newsletter.
Security news, advice, and tips.

Dear Customer,

Your Credit Card is one week overdue.
Below your Card information

Customer 0066594169
Number XXXXXX
Card Limit XXXXXX
Pay Date 27 Jun 2011

The details are attached to this e-mail.
Please read the financial statement properly.

If you pay the debt within 2 days, there will be no extra-charges.
In 2 days $25 late fee and a finance charge will be imposed on your account.

Please do not reply to this email, it's automatic mail notification.
Thank you.

Note that the customer number quoted in the email appears to be randomly chosen, so may differ in the emails you receive.

Subject lines which have been used in the malware campaign include “Your financial debt overdue”, “Payment by credit card overdue”, “Credit Card is one week overdue”, “Credit card payment of overstayed”, and “Credit card overdue”.

If you do make the mistake of opening the attached file, you run the risk of infecting your Windows computer with malware that Sophos detects as Troj/Invo-Zip.

Cybercriminals use social engineering tricks to fool you into making unwise decisions.

Whether it’s making you believe that you’re about to see a sexy video, win a pair of free air tickets or discover what company has been debiting your credit card, the intention is the same with malware attacks like this – to dupe you into running dangerous code on your computer.

Sophos products intercept the malicious emails as both malware and spam.


Graham Cluley is an award-winning keynote speaker who has given presentations around the world about cybersecurity, hackers, and online privacy. A veteran of the computer security industry since the early 1990s, he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows, makes regular media appearances, and is the co-host of the popular "Smashing Security" podcast. Follow him on Twitter, Mastodon, Threads, Bluesky, or drop him an email.

What do you think? Leave a comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.