Cybercriminals are trying to steal your credit card details

Dec 13, 2013 08:02 GMT  ·  By

Right around the same time last year, phishing emails that advertised “Free Tesco Vouchers for Christmas” started making the rounds. Now, the malicious notifications are landing in inboxes once again.

“Tesco Bank is giving you a chance to shop for free at any of our tesco outlets or online by giving out free tesco vouchers for Christmas. This offer is only for TESCO CREDIT CARD AND TESCO SAVINGS/LOAN OWNERS and it will be valid to use until the 31st of December,2013. CREDIT CARD CUSTOMER CLICK THE LINK BELOW,” the emails read.

However, the links don’t point to a Tesco website, but to a hijacked site that’s been set up to host a phishing page.

The links from a sample email submitted to millersmiles.co.uk on Thursday pointed to a Canadian website. Interestingly, the hacked site belongs to a company that provides web development and IT support services.

In the meantime, the website has been cleaned up. However, it’s likely that the phishing pages look very much like the ones doing the rounds last year.

Victims are asked to provide their Tesco username, credit card PIN, password, CVV2, email address, and email account password. All the information provided by the user is stored on a server controlled by the cybercriminals.

Watch out for emails advertising special offers, especially during the holiday season. Cybercrooks are well aware of the fact that most people could use a gift card for some Christmas shopping and they’re counting on it to make a profit.

If you’re already a victim of such a scam, immediately change all your passwords. Also, notify your bank and keep a close eye on your account.