ZeuS Trojan returns to target MasterCard, Visa security
The notorious ZeuS banking Trojan is popping up on infected computers with a fake enrollment screen for the "Verified By Visa" or "MasterCard SecureCode Security" programmes.
The real and legitimate Visa and MasterCard card-fraud prevention programs have cardholders use a password when making card-based purchases online as an additional means of security
The Zeus Trojan, with its ever-growing capability to steal financial information and execute unauthorised funds transfers, has recently been seen attacking banking customers on infected machines by displaying a fake "Verified by Visa" enrollment screen, or its MasterCard counterpart SecureCode.
It tries to lure victims into a fraudulent online enrollment action that would end up giving criminals their sensitive financial data
"When you log into your bank, it says you have to enroll in Verified by Visa, that it’s regulated now and you have to do it," explains Mickey Boodaei, CEO at Trusteer, a security firm that makes software specifically designed for use by banks and their customers to deter malware of this kind.
The remotely controlled ZeuS botnet, used by criminal organisations, infects PCs, waits for the victim to log onto a list of targeted banks or financial institutions, and uses various ruses to steal credentials or execute unauthorised funds transfers.
This newer attack with utterly fake Verified by Visa and MasterCard SecureCode is designed to trick banking customers into giving over their personal identification numbers, Social Security number, credit and debit card number with expiration date, and more, Boodaei says.. "We are investigating ZeuS so we encounter new variants," he says
Visa describes its Verified by Visa program as going beyond the already existing fraud detection it provides with "an extra layer of security at the point where you enter credit-card information online. The service helps prevent unauthorised online use before it happens by confirming your identity with an additional password
Those who think they have seen these fake Visa and MasterCard screens on their PC should do what they can to disinfect their machine and contact their bank, Boodaei advises.
Phishers Target Mastercard Users in Japan
Phishers target Mastercard users in Japan by sending spammed email that instructs recipients to update their Mastercard accounts online. The message informs users that Mastercard supposedly updated their online system for security purposes. A link that leads to a Mastercard page where users can update their account is provided. However, the said link is actually the phishing site. This phishing scheme targets Japanese users as the account information page/phishing page uses Japanese characters for input:
As with other phishing schemes, the phishing site asks for the intended victim's personal information such as name on the card, debit card or credit card numbers, expiration date, card type, verification code, card issuing bank, and ATM pin.
Mastercard, or any other financial institution, will never send you email unless you signed up for alerts like these. For security purposes, it's always good to check and re-check information by going to the official institution's website or calling their customer service numbers.
Banks To Judge: Stop The Target/MasterCard Settlement
Some of the banks and credit unions whose customers’ MasterCard payment cards were compromised in Target’s huge 2013 data breach are trying to stop a proposed $19 million settlement between the retailer and the card brand, Reuters reported.
Lawyers for the financial institutions filed a motion on Tuesday (April 21), asking a federal judge in St. Paul, Minnesota, to block the settlement, which they said was actually aimed at preventing the card issuers from suing Target for their costs in recovering from the breach. The judge will hear the motion on Monday (April 27).
“The agreement between Target and MasterCard is nothing more than an attempt by Target to avoid fully reimbursing financial institutions for losses they suffered due to one of the largest data breaches in U.S. history,” Charles Zimmerman, the co-lead attorney for the banks and credit unions, said in a prepared statement. “It provides paltry restitution for the substantial losses suffered. This sweetheart deal for Target was negotiated without involvement of the court or the legal representatives of the impacted financial institutions.”
Target didn’t offer Reuters a comment on the card-issuers’ action. But the fourth-largest U.S. retailer has previously said the settlement with MasterCard would cover banks’ costs to reissue credit and debit cards affected by the data breach. The plan requires acceptance by issuers of 90 percent of the affected cards no later than May 20, and would make payments to banks by the end of June.
Target reported in 2013 that at least 40 million payment cards were compromised by the breach during November and December that year, and the compromise might also have resulted in the theft of personal information on as many as 110 million people.