WorldPay Customers Receive Malware Embedded Invoices
Researchers at security company Sophos are warning online users about a new e-mail scam targeting customers of WorldPay (a unit of Royal Bank of Scotland) with malicious codes.
The fraudulent e-mail showing the caption "WorldPay CARD transaction Confirmation" claims that WorldPay has completed processing of the consumer's transaction and he would be notified at some later date about his order's hand over. In the scam, WorldPay represents itself as Amazon Inc.
The e-mail, which is dispatched randomly to people whether the recipient has bought anything from Amazon or not, provides an attachment containing an invoice for the so-called purchase.
When this attachment is opened, a malicious program is downloaded on the user's system that Sophos has identified as Troj/Agent-JUC.
Furthermore, the security company notes that the fraudulent e-mail appears legitimate and sounds believable as it uses the rightly spelled words and a formal text.
To cite an example, the e-mail tells the recipient that the confirmation merely suggests that his transaction has gone through successful processing and not that Amazon has accepted his order. The confirmation of the order's acceptance rests with Amazon Inc., which alone is responsible for delivering the item the recipient has ordered for, the e-mail states.
Meanwhile, according to security researchers, the malware distributors have selected WorldPay and not any other card issuer or payment processor because WorldPay is a well-known company especially after making news headlines several times recently.
Reportedly, WorldPay, in December 2008, announced a major incident of data breach in which some unknown criminals had gained access to data of many credit card purchases. Later, it was disclosed that the cyber criminals compromised the cards under a most complicated operation of credit card scam ever in history, yielding them a total $9 Million.
Commenting on the new scam, Senior Technology Consultant Graham Cluley at Sophos pointed out via his blog message that Sophos published on May 7, 2009 that it was a common and most preferred tactic of cyber criminals to spam out Trojan horses in the guise of e-mail attachments that apparently claimed to arrive from authorized organizations.
Related article: World Find New Weapons of Mass Destruction - eWMD
» SPAMfighter News - 19-05-2009