Usually, bank account phishers ask users to confirm their accounts due to supposed maintenance, database corruption, or possible compromise of the users' accounts. Today we came across a phish of a different sort. Today's sample entices users to add security protection to their MasterCard services and get 16% discount on future purchases. Seems like a deal too good to be true, right?
Here is the message sample:
The MasterCard SecureCode service actually exists. Here's the statement from the official MasterCard SecureCode site: "Every time you pay online at participating retailers, you will be automatically prompted to enter your own private SecureCode - just like entering a PIN at the ATM. In seconds, you gain added protection while shopping online."
The phishers took pains to make their fake site resemble the official one, with proper links to the official mastercard site. They also retained the look-and-feel of the SecureCode site:
To ensure that the credit card numbers entered are correct, the phishers used a script to calculate the proper checksums. We entered a random credit card number that has the proper checksum, and click on "next". This action takes you to the next page:
This second page is where the important details are phished, including the credit card expiration date, the card holder's date-of-birth, and the 3-digit security located at the back of the card. A user who entered all the information above would have their card compromised.
Extra security for credit cards is always recommended. However, additional security would only work if safe practices are adhered to. In the case of this phish, "adding security" would end with financial loss. Hence, always verify the sites in emails, and never click on links that you're asked to click.