What the attacks share in common, besides being scams, is their use of a specific variant of Zeus
A new fraud campaign aims to separate users of Facebook, Google Mail, Hotmail, and Yahoo from their debit card data.
"We've recently discovered a series of attacks being carried out by a P2P variant of the Zeus platform against some of the Internet's leading online services and websites," said Amit Klein, CTO of Trusteer, in a blog post. The attacks come disguised as offers for great rebates or hot new security functionality. But in reality, "the scams exploit the trust relationship between users and these well-known service providers, as well as the Visa and MasterCard brands, to steal users' debit card data," he said.
Each of the social engineering attacks differs slightly in its execution. In the case of Facebook, for example, the scam offers people a 20% discount if they link their Visa or MasterCard details to their Facebook account. "The scam claims that after registering their card information, the victim will earn cash back when they purchase Facebook points," said Klein. A fake Web form then requests that the user enter their debit card number, its expiration date, as well as their security code and PIN.
Read the full article here.
Have a comment on this story? Please click "Discuss" below. If you'd like to contact Dark Reading's editors directly, send us a message.
About the Author(s)
You May Also Like
Guarding the Cloud: Top 5 Cloud Security Hacks and How You Can Avoid Them
April 4, 2024Cybersecurity Strategies for Small and Med Sized Businesses
April 11, 2024Defending Against Today's Threat Landscape with MDR
April 18, 2024Securing Code in the Age of AI
April 24, 2024
Black Hat USA - August 3-8 - Learn More
August 3, 2024Cybersecurity's Hottest New Technologies: What You Need To Know
March 21, 2024Black Hat Asia - April 16-19 - Learn More
April 16, 2024