MasterCard users must be on their guard for any e-mails claiming to come from the company following the discovery of a phishing campaign which attempts to entice victims with the promise of money off future purchases, says Brett Myroff, CEO of regional Sophos distributor, Sophos South Africa.
The content of this phishing e-mail is unusual since it attempts to lure users to sign up to SecureCode and receive extra security protection for their MasterCard accounts, by offering a 16% discount on future purchases made with the card, says Myroff.
"In contrast, typical phishing campaigns ask users to confirm details for maintenance purposes or because of database corruption."
In reality, users that click on the link contained within the e-mail are redirected to a phishing site, set up to look almost identical to the genuine MasterCard Web site, Myroff says. "Visitors are then asked to supply confidential information including credit card expiration date, date of birth and the three-digit security code located on the back of the card - ample information for the cyber-criminals to then access and use the account in question to steal money," he adds.
"Phishers are putting a lot more effort into their scams these days and to the undiscerning eye, it's almost impossible to tell this isn't the real MasterCard site," Myroff says.
Trojan attack
This week also saw the emergence of yet another spate of low to medium prevalence Trojans. Troj/DwnLdr-HCM is a downloader and information-stealing Trojan for the Windows platform.
Another Trojan for the Windows OS, Troj/Busky-FB, installs itself in the registry and creates the following entry: HKCU\Software\RR0OKt5hEC.
The Troj/Dloadr-BKR Trojan, again affecting Windows users, has also been noted.
The W32/Netsky-BS worm is also spreading via e-mail and affecting the Windows platform.
W32/Xorer-D, another worm for the Windows platform, includes functionality to access the Internet and communicate with a remote server via HTTP.
"Following the MasterCard scam, computer users must be wary of simply clicking on links in unsolicited e-mails and should take time to verify the site address first - it may take a little longer, but will protect your money and identity from preying cyber criminals in the long run. Also, everyone needs to use a little common sense - if it seems too good to be true, it probably is," Myroff says.
Share
Editorial contacts