Security firm Trustwave is warning users to be on the lookout for bogus notifications that appear to come from the company. The messages seem to originate from various fake Trustwave email addresses.
Entitled “TrustKeeper PCI Scan Notification,” the fake emails instruct recipients to login to a portal in order to review a scan report.
“This is an auto-generated email to warn you that a TrustKeeper vulnerability scan of YOUR NETWORK SYSTEMS Found that your network is at risk. This scan was supplied as part of your PCI DSS compliance services from Trustwave,” the emails read.
“If you wish to review your scan report or change your scan schedule, you may do so by accessing your TrustKeeper at [link].”
Users who click on the URLs are taken to domains that might push malware onto their computers.