Security researchers from Sophos have intercepted a new malware distribution campaign that generates emails posing as blocked credit card notifications from MasterCard.
Email title looks like “Your credit card is blocked” or “Your credit card has been blocked” and have spoofed headers to appear as originating from a @mastercard.com address.
File attached: Ek2666242.zip (52.0 KB)
The messages signed by MASTERCARD.com Customer Services read:
“Dear Customer, Your credit card is blocked! Your credit card was withdrawn $#### Possibly illegal operation!”
This malicious email is accompanied by an attachment. Do not open or download.
The emails instruct users to open the attached document in order to learn more information and contact their respective banks as soon as possible.
The attachments, ZIP archives with random numerical names, contain installers for Bredolab variants. Trojans from the Bredolab family act as malware distribution platforms, so victims are likely to get multiple infections as a result of falling for this scam.
Security researchers note that similar emails purporting to come from VISA or other credit card companies have also been spotted. “If you receive an email claiming that your credit card has been blocked – treat it with suspicion,” Sophos’ Graham Cluley advises.
“If you’re concerned that the email might be true, contact your bank directly (ensuring that you use a trusted point of contact – rather than believe the phone number or website offered to you by a spammed-out email!),” the security expert adds.
This type of lure in which attackers claim that the user’s account or credit card has been fraudulently charged has been used numerous times in the past, particularly in phishing attacks.
It is based on the idea that faced with the prospect of fraud users will act immediately without thinking of the risks or taking the time to verify the authenticity of the messages.