Outline Emails purporting to be from credit card providers claim that the recipient's credit card has been blocked due to a suspicious withdrawal. The messages instruct the recipient to open an attached file to view more detailed information.
The emails are not from any credit card provider. The attachments that come with the emails contain a trojan that, once installed, can connect to a remote server and download further malware.
ATTENTION: Your credit card is blocked!
Your credit card was withdrawn $ 0424,57
Possibly illegal operation!
More detailed information in the attached file.
Instantly contact your bank .
Best Wishes, VISA CUSTOMER SERVICES.
Attachment name: d30261180.zip
For several months, malicious emails purporting to be from various credit card providers have been hitting inboxes. The emails claim that the recipient's credit card has been blocked because of the possibly fraudulent withdrawal of a large sum of money. The messages urge recipients to open an attachment to read more information about the supposed "illegal operation".
The messages are not from any credit card provider and the claim that the recipient's credit card account has been compromised is untrue. In fact, the attachment contains a trojan, that if installed, will connect to a malicious website and download further malware components. In many cases, the initial trojan will download a rogue antivirus program that tries to trick victims into using their credit card to pay a software registration fee. In order to fool users into forking out for the registration fee, the fake anti-virus software will constantly display "security warning" windows listing serious virus and security issues that were supposedly found on the user's computer. The security issues listed in the warnings do not exist.
Details, such as email subject lines, the name of the credit card provider and the amount of the supposed withdrawal vary in different incarnations of the scam emails.
Criminals commonly use such ruses to distribute malware and to trick users into submitting personal and financial information. Your credit card provider will NEVER send you an unsolicited email about a supposed compromised account that asks you to open an attached file to review details. If you receive such a message, do not open any attachments or follow any links that it may contain. If you have any doubts about the security of your credit card account, contact your bank or card provider directly.