Feeds

Phishers offer credit card discounts to prospective marks

In-SecureCode

Internet Security Threat Report 2014

Phishing fraudsters are using promises of financial discounts to trick unwary users into handing over their credit card details.

Scam emails that form the basis of the fraud claim to be part of MasterCard's SecureCode scheme. Con men are attempting to exploit a lack of familiarity with the recently introduced programme, which ironically promises to offer greater security to credit card transactions.

Phishing emails attempt to lure prospective marks into "signing up" to SecureCode, by offering a 16 per cent discount on future purchases made with the card. More typically, phishing campaigns ask users to confirm details for maintenance purposes or due to database corruption.

In reality, users that click on the link contained within the email are redirected to a phishing site, set up to look almost identical to the genuine MasterCard website. Visitors are then asked to supply confidential information including credit card expiration date, date of birth, and the three digit security code located on the back of the card - enough information for the cybercriminals to abuse the compromised account themselves and sell on the details through the underground black market.

The scam emails were intercepted by net security firm Sophos.

"MasterCard has been very successful in positioning SecureCode as the answer to online fraud, and with so many computer users growing increasingly worried about the risks of shopping online, the prospect of greater security and money off can be too much to resist," said Carole Theriault, senior security consultant at Sophos.

"Computer users must be wary of simply clicking on links in unsolicited emails and should take time to verify the site address first - it may take a little longer, but will protect your money and identity from preying cybercriminals in the long run. Also, everyone needs to use a little common sense - if it seems too good to be true, it probably is," she added. ®

Remote control for virtualized desktops

More from The Register

next story
UK smart meters arrive in 2020. Hackers have ALREADY found a flaw
Energy summit bods warned of free energy bonanza
DRUPAL-OPCALYPSE! Devs say best assume your CMS is owned
SQLi hole was hit hard, fast, and before most admins knew it needed patching
Feds seek potential 'second Snowden' gov doc leaker – report
Hang on, Ed wasn't here when we compiled THIS document
Mozilla releases geolocating WiFi sniffer for Android
As if the civilians who never change access point passwords will ever opt out of this one
Why weasel words might not work for Whisper
CEO suspends editor but privacy questions remain
DEATH by PowerPoint: Microsoft warns of 0-day attack hidden in slides
Might put out patch in update, might chuck it out sooner
prev story

Whitepapers

Choosing cloud Backup services
Demystify how you can address your data protection needs in your small- to medium-sized business and select the best online backup service to meet your needs.
A strategic approach to identity relationship management
ForgeRock commissioned Forrester to evaluate companies’ IAM practices and requirements when it comes to customer-facing scenarios versus employee-facing ones.
Reg Reader Research: SaaS based Email and Office Productivity Tools
Read this Reg reader report which provides advice and guidance for SMBs towards the use of SaaS based email and Office productivity tools.
Intelligent flash storage arrays
Tegile Intelligent Storage Arrays with IntelliFlash helps IT boost storage utilization and effciency while delivering unmatched storage savings and performance.
Protecting against web application threats using SSL
SSL encryption can protect server‐to‐server communications, client devices, cloud resources, and other endpoints in order to help prevent the risk of data loss and losing customer trust.