The names of famous brands are leveraged to fool internauts

May 15, 2012 13:34 GMT

You may be wondering what Visa, MasterCard, Facebook, Gmail, Hotmail and Yahoo have in common. The short answer, as revealed by security experts, is a peer-to-peer (P2P) variant of the Zeus platform.

For each of these brand combinations, cybercriminals have devised a clever scenario, Trusteer reports.

When targeting Facebook users, the attackers use a web inject to push a shady offer that urges users to link their Visa or MasterCard debit cards to their social media account. By doing so, the victim allegedly earns cash every time they purchase Facebook credits.

The attacks against Gmail, Hotmail and Yahoo customers start with the advertisement of a new authentication service called 3D Secure, allegedly connected to the Verified by Visa and MasterCard SecureCode programs.

“The scam that targets Google Mail and Yahoo users claims that by linking their debit card to their web mail accounts all future 3D Secure authentication will be performed through Google Checkout and Yahoo Checkout respectively. The fraudsters allege that by participating in the program the victim’s debit card account will be protected from fraud in the future,” Trusteer’s Amit Klein writes.

The Hotmail scheme is somewhat similar: potential victims are told that “Windows Live Inc” is concerned about their security and is offering a “100% secure, fast and easy” method of preventing fraud by linking the account to the debit card.

In each of these scenarios, the customer is presented with a number of text boxes in which they must enter their debit card number, its expiry date, the security code, and even the PIN.

Experts warn that these types of plots are hard to identify because they’re well designed, and the fact that the cybercriminals serve them via web inject makes them even more legitimate-looking. That’s why internauts must rely on common sense when presented with such offers.