‘Beware of Malware Attack Disguised As Email’

Jay Decenella, IT audit expert
August 15, 2011

Security firm Sophos has warned Internet users of a malware attack disguised as an email about a blocked credit card.

“Cybercriminals have spammed out emails which claim to be a warning that your credit card has been blocked, but in reality contain a malicious attachment designed to infect your computer,” said Graham Cluley, a senior technology consultant at Sophos.

Cluley alerted users to unexpected emails claiming that their credit cards have been blocked.

Sophos spotted dangerous emails using subject lines including “Your credit card is blocked” and “Your credit card has been blocked.”

According to the security firm, a typical fraudulent email would state that a recipient’s credit card “was withdrawn $ XXXX,XX” in a “possibly illegal operation!”

The email would lure users into getting “more information in the attached file,” which is actually designed to infect their computers, or urge them to “immediately contact [their] bank.”

The sender purports to be “MASTERCARD.com Customer Services.”

“Note that although the examples above refer to MasterCard, there are other versions which reference Visa, for instance,” Cluley said.

“The filenames and sums of money mentioned can vary from email to email, as does the wording in the message body,” he added.

The attack was presumably carried out this way by cybercriminals “in an attempt to avoid detection by security products.”

Sophos products intercept the malicious emails and the attachment as Mal/RarMal-C and Troj/Bredo-IZ, protecting Windows computers from getting infected.

“If you receive an email claiming that your credit card has been blocked – treat it with suspicion,” Cluley said.

“If you’re concerned that the email might be true, contact your bank directly.”

Cluley added that it is important to use a “trusted point of contact rather than believe the phone number or website offered by a spammed-out email.”

