Chase Credit Card Malware Email
Home Malware Chase Credit Card ‘Thank-You For Scheduling Payment’ Malware Email

Chase Credit Card ‘Thank-You For Scheduling Payment’ Malware Email

by Brett M. Christensen


Email purporting to be from Chase Credit Cards thanks you for scheduling a recent payment ‘as an attachment’ and claims that the payment will be credited to your account. 

Brief Analysis

Although it is designed to look like an authentic banking notification, the email is not from Chase. The attached .zip file harbours a trojan that can connect to remote servers operated by cybercriminals and download and install further malware. If you receive one of these emails, do not open any attachments or click any links that it contains.


Subject: Thank you for scheduling your online payment


Thank you for scheduling your recent credit card payment as an attachment. Your payment in the amount of 3898.96 will be credited to your credit card account (CREDIT CARD) ending in 0542 on 04/07/2015.

Now that you’re making your payment online, are you aware of all the convenient ways you can manage your account online?

See statements – Choose to stop receiving paper statements, and see up to six years of your statements online.
See automatic payments – Set up monthly payments to be made automatically.
Transfer a balance – Transfer a balance to your credit card account.
Go to Personalized Alerts – Schedule Alerts to remind you of key account activity.

You can also see past payments you’ve made online by logging on to and clicking “See/cancel payments” under “I’d like to …”

If you have questions, please call the Customer Service number on the back of your credit card.

Thanks again for using online payments.

Cardmember Services

Chase Bank Credit Card Malware Message


Detailed Analysis

This email, which purports to be from credit card services at Chase bank, thanks you for scheduling a recent credit card payment ‘as an attachment’. It claims that 3898.96 will be credited to your credit card account as a result.

The email features the Chase logo and colour scheme and includes several links that open the genuine Chase website. 
It also includes an attached .zip file that contains the word ‘payment’ along with a string of letters and numbers. However, the email is certainly not from Chase.

At first take, the message may seem like a typical phishing scam designed to trick you into supplying personal and financial information.

However, this attack has a different purpose. The attached file contains a trojan. Once installed, this trojan can connect to remote servers controlled by criminals and then download further malware. This malware may steal sensitive information from the infected computer and allow criminals to control the computer for their own nefarious ends.

As malware messages go, this example is quite sophisticated. The message may look like a genuine Chase notification. And, because links in the message lead to the genuine Chase website, recipients may be more inclined to open the attached file.

Details in the messages may vary. If you receive one of these emails, do not open any attachments that it contains and do not click any links.

Importance Notice

After considerable thought and with an ache in my heart, I have decided that the time has come to close down the Hoax-Slayer website.

These days, the site does not generate enough revenue to cover expenses, and I do not have the financial resources to sustain it going forward.

Moreover, I now work long hours in a full-time and physically taxing job, so maintaining and managing the website and publishing new material has become difficult for me.

And finally, after 18 years of writing about scams and hoaxes, I feel that it is time for me to take my fingers off the keyboard and focus on other projects and pastimes.

When I first started Hoax-Slayer, I never dreamed that I would still be working on the project all these years later or that it would become such an important part of my life. It's been a fantastic and engaging experience and one that I will always treasure.

I hope that my work over the years has helped to make the Internet a little safer and thwarted the activities of at least a few scammers and malicious pranksters.

A Big Thank You

I would also like to thank all of those wonderful people who have supported the project by sharing information from the site, contributing examples of scams and hoaxes, offering suggestions, donating funds, or helping behind the scenes.

I would especially like to thank David White for his tireless contribution to the Hoax-Slayer Facebook Page over many years. David's support has been invaluable, and I can not thank him enough.

Closing Date

Hoax-Slayer will still be around for a few weeks while I wind things down. The site will go offline on May 31, 2021. While I will not be publishing any new posts, you can still access existing material on the site until the date of closure.

Thank you, one and all!

Brett Christensen,