Jan 31, 2011 09:56 GMT  ·  By

Security researchers from German antivirus vendor Avira warn of several phishing scams targeting customers of CartaSi, an Italian credit card provider.

There were a total of four attacks, all of them using different lures to trick users into clicking on the phishing URLs.

According to Sorin Mustaca, data security expert at Avira, the emails are being sent by botnets from around the world and bear fake headers to appear as coming from official-looking CartaSi addresses.

Some of the messages use traditional tricks such as warning the recipients that they need to activate their accounts or re-confirm their information.

A particular attack employs a somewhat unusual lure as it informs potential victims that they qualify for a fidelity bonus of 150 euro.

However, recipients are asked to log into their accounts during the next 48 hours in order to receive the money, otherwise the offer expires.

The email even quotes legislation articles that refer to the protection of personal information in order to add legitimacy to the scam.

All phishing emails lead customers to spoofed CartaSi pages designed to steal their personal data or online banking credentials.

"As usual, we would like to assure our readers that nothing is really free in the Internet and that banks (should) never send emails asking the users to do something that could identify them," Mr. Mustaca advised.

The number of phishing attacks has increased since the beginning of the year, particularly because of the tax season starting in several countries.

Last week there was a huge wave of tax refund-themed emails that spoofed taxation authorities in UK, US and Australia.

Some of the attacks contained spoofed websites for the largest banks in those countries, while others preferred to use attached HTML forms instead of directing victims to external links that can be taken down or blocked.