Debunking email hoaxes and exposing Internet scams since 2003!

Hoax-Slayer Logo Hoax-Slayer Logo

DividerDivider
Home    About    New Articles    RSS Feed    Subscriptions    Contact
DividerDivider


Site Navigation








'Your Credit Card is Blocked' Malware Emails

Outline
Emails purporting to be from credit card providers claim that the recipient's credit card has been blocked due to a suspicious withdrawal. The messages instruct the recipient to open an attached file to view more detailed information.



Brief Analysis
The emails are not from any credit card provider. The attachments that come with the emails contain a trojan that, once installed, can connect to a remote server and download further malware.

Bookmark and Share
Detailed analysis and references below example.

Enter your email address to subscribe to the Hoax-Slayer Newsletter:




Scroll down to submit comments
Last updated: 19th September 2011
First published: 19th September 2011
Article written by Brett M. Christensen
About Brett Christensen and Hoax-Slayer


Example
Subject: Your credit card has been blocked

Dear Consumer,

ATTENTION: Your credit card is blocked!
Your credit card was withdrawn $ 0424,57
Possibly illegal operation!
More detailed information in the attached file.

Instantly contact your bank .
Best Wishes, VISA CUSTOMER SERVICES.

Attachment name: d30261180.zip



Detailed Analysis
For several months, malicious emails purporting to be from various credit card providers have been hitting inboxes. The emails claim that the recipient's credit card has been blocked because of the possibly fraudulent withdrawal of a large sum of money. The messages urge recipients to open an attachment to read more information about the supposed "illegal operation".

The messages are not from any credit card provider and the claim that the recipient's credit card account has been compromised is untrue. In fact, the attachment contains a trojan, that if installed, will connect to a malicious website and download further malware components. In many cases, the initial trojan will download a rogue antivirus program that tries to trick victims into using their credit card to pay a software registration fee. In order to fool users into forking out for the registration fee, the fake anti-virus software will constantly display "security warning" windows listing serious virus and security issues that were supposedly found on the user's computer. The security issues listed in the warnings do not exist.

Details, such as email subject lines, the name of the credit card provider and the amount of the supposed withdrawal vary in different incarnations of the scam emails.

Criminals commonly use such ruses to distribute malware and to trick users into submitting personal and financial information. Your credit card provider will NEVER send you an unsolicited email about a supposed compromised account that asks you to open an attached file to review details. If you receive such a message, do not open any attachments or follow any links that it may contain. If you have any doubts about the security of your credit card account, contact your bank or card provider directly.

Bookmark and Share

References
MasterCard spam leads to Fake AV
Credit Card Overdue Malware Email
Visa Card Violated Phishing Scam



Last updated: 19th September 2011
First published: 19th September 2011
Article written by Brett M. Christensen
About Brett Christensen and Hoax-Slayer