Spam Mails Pose as Unpaid Credit Card Notifications
Investigators at M86 Security the security firm are cautioning that one fresh junk e-mail campaign, which's distributing messages notifying of credit card invoices supposedly overdue, is targeting unwitting Internet users.
Notes the firm, the spam mails make no mention of a specific bank or card brand so it becomes easy for luring more victims.
Meanwhile, addressing the recipient as 'client,' the e-mail tells him that it's one week that his credit card is overdue, while the card information such as card limit, customer number and pay date are given. Thereafter, the e-mail states that the recipient's statement of credit card transactions is attached and that if he doesn't pay the overdue amount in two days, a $25 fine along with a finance fee will be charged against his account.
Further, the rogue e-mail uses a capitalized "You" for the recipient all through the text along with making more errors, all indicating that some non-English speaker crafted the message, M86 highlights.
Additionally, the attachment containing a zip file is camouflaged to appear as a payment card statement, while in reality it bears malicious software. If this zip file is extracted, an executable file with a Trojan downloader is released deceptively bearing the Adobe PDF icon. Besides, the executable on running pulls down phony anti-virus software.
States Threat Analyst Rodel Mendrez of M86 Security, the phony anti-virus produces a window giving a fake alert. Infosecurity-magazine.com published this on July 1, 2011.
Meanwhile, according to Mendrez, spam mail purveyors persistently create fresh social engineering tactics so they can disseminate their malware more easily. Thus one such tactic involves targeting owners of payment cards.
The analyst further says that spammers may adopt newer topics, while reusing the earlier ones frequently. According to him, the above spam mail has enough to rouse suspicion -particularly since no credit card firm is likely to e-mail customers- thereby suggesting users to remain cautious.
Eventually, it's because of the aforementioned kinds of malware-laced unsolicited e-mail campaigns which prompted M86 to highlight within its recent research "The Global malware Problem: Complacency Can Be Costly" that issues related to malicious software are constantly increasing.
Related article: Spam Scam Bags a Scottish Connection
» SPAMfighter News - 08-07-2011