Online Paperless Billing – The New Attack Vector For Cyber Crime

imageI’m very much in favor of online paperless billing and, virtually all of my reoccurring monthly bills are delivered this way – directly to my inbox. For example (shown below), is a snapshot of the regular monthly email notice from my natural gas supplier.

A simple click on the embedded link, and …..

Enbridge 1

there’s the bill – which is identical, I might add, to the bill delivered by regular mail.

Enbridge 2

A couple of extra clicks to reach my online banking and, the bill is paid.


No stacking up bills to be dealt with (along with all the other bills), at a later date. Done – fini – terminado!

I like it and, I’m sure my utilities suppliers love it – since, in most cases, they get paid far in advance of the required payment date. A perfect system it seems – except, this is the Internet.

Ah, the Internet – the playground of every scumbag cyber criminal from Moscow to Montreal – and, beyond. So, it’s hardly surprising to see online paperless billing come under attack.

Yesterday, Commtouch let me know of an ongoing attack – directed at AT&T  customers – which automatically embeds malware onto the targeted machine, once the user clicks on the embedded link in the  billing notice.

Since the billing email shows an outrageous balance (in the following screen capture, $943.01), theoretically, the response ratio should be significantly higher than it might otherwise be.

Several months back, I received a billing notice from my cable supplier totaling $650 – versus the normal $150 – and, I can assure you, I clicked on the embedded link, immediately.

It was, of course, a massive screw up at their end. Never the less, I instinctively (and, without thinking) clicked on the link . Being frustratingly annoyed is often a powerful call to action. Cyber criminals know exactly how to wind us up –increasing the odds that we’ll respond inappropriately.


Graphic courtesy of Commtouch.

According to Commtouch, who generously shared their research –

The pattern to be aware of in this case is: <legitimate domain>/<recurring set of random letters>/<index.html>

The index.html file tries to exploit at least the following known vulnerabilities:

·Libtiff integer overflow in Adobe Reader and Acrobat       CVE-2010-0188

·Help Center URL Validation Vulnerability       CVE-2010-1885

Every link in the email (there are 9 links), leads to a different compromised site with malware hidden inside. Recipients who are unsure whether the email they have received is genuine or not (the malicious version is a very accurate copy), should mouse-over the links.

Genuine emails from AT&T will include AT&T website links.  For example the “ link will be the same in both places that it appears in the email – unlike the malicious version which uses two very different URLs.

I might add, that I use the WOT Browser add-on and, you’ll notice in the first graphic (at the top of this page), the green circle indicated the embedded link is safe. I strongly suggest that if you currently do not have WOT installed, that you consider doing so. As well, I use the Redirect Remover add-on which removes any redirect links in Firefox. An appropriate way to become aware of redirected links.

Four years ago, when I stated writing this Blog, I was hopeful that the cyber criminal threat to Internet users would be actively addressed. That at some point, governments and law enforcement would step up and actively seek out, and punish, the criminals who have turned the Internet into a minefield.

Governments, (the U.K, the U.S., Canada, Australia, India …) it seems, don’t give a fiddler’s f*ck – they appear to be much more interested in passing regressive Internet legislation directed at you – not cyber criminals. Legislation designed to massively infringe on individual personal privacy, and individual human rights. In the meantime, cyber criminals continue to roam freely.

As for law enforcement agencies – just try reporting a cyber crime to your local police department and, you’ll find that they couldn’t care less. Their focus is on low level behavioral crimes, like busting teenage Pot smokers. Just how much safer does that make you feel on the Internet?

Unless, there is a concerted effort on the part of all of us – and yes, that means you need to get involved – demanding a responsible approach to this outrageous criminality on the Internet – we will all, at some point, become a victim of cyber crime.

Do I sound angry? You bet I am.


Filed under Cyber Crime, email scams, Malware Alert

12 responses to “Online Paperless Billing – The New Attack Vector For Cyber Crime

  1. Bill – I fully agree with you. While I love having everything on line for my billing, I only use the email as my reminder. The Credit Union we belong to uses a system for bill payer that reaches into the account and pulls back the statement to our bill payer system. I feel safer with that, but let’s not kid ourselves it will only be a matter of time before that system is breached!

    • Hi Brian,

      Interesting – I’m using a Credit Union as well. Although, yours appears to be somewhat more advanced than mine. Will have to see what they can do about that. 🙂



  2. I almost never use the links in an e-mail sent to me. Aside from the risk of it being a phishing e-mail, even if it is legitimate, many companies track link response or use third party companies to handle their e-mail, and I have no interest in being part of that either. I use a password manager that makes it pretty easy to access my account on any site with a URL I’m more inclined to trust (though since any site can be hacked, I still pay attention to what’s going on).

    • Hey RedNightHawk,

      Yes, you’re right. I’ve noticed lately, that much of the developer emails that are coming in are being handled by third parties. probably linked to the link response tracking you mentioned.

      Great comment – thanks.


  3. As well you should be angry! The petition to create a backlash for cyber-criminals is FAR overdue! Will be re-bloggin’ again… (I think I may as well give up my blog and just reblog you! LOL)
    Oh, BTW, I may not be around for a few weeks; I won the Coke-a-Cola (Yup, you read that right…) International contest…all I have to do is send two arms, a leg and my bank account number… LOL… wish I’d saved the letter… Hope your day gets better! *khrys…

    • Hey Khrys,

      Congrats on the CC deal. Just remember, you’ll one leg left – no $, but – one leg. Not bad. 🙂

      Thanks for the reblog – appreciate that.



  4. Reblogged this on khrystleraineduste and commented:
    Don’t get scammed…

  5. delenn13

    I don’t like on line billing because Virgin Mobility likes to add charges for whatever with no explanations but the word “Event”; NTM 4 times I didn’t even get a bill.

  6. delenn13

    Telus has been doing that for a few years. Virgin charges too. I have been forced to keep a calendar just for bill due dates because of it. I have even had Enbridge not send me a physical bill. No system is perfect.

    • Hey Delenn13,

      I dunno – there’s just something wrong with that. What’s next – hooking us up so that they can count the breaths we take, and then bill us. Oh, and charge us for the billing.

      I’m searching for a new planet at the moment. I’ll let you know how that goes. 🙂