Trusteer researchers are warning of a new version of the Zeus Trojan that specifically targets users of Facebook, Gmail, Hotmail and Yahoo by offering rebates and information on new security measures.
"The scams exploit the trust relationship between users and these well-known service providers, as well as the Visa and MasterCard brands, to steal users’ debit card data," Trusteer CTO Amit Klein wrote in a blog post.
"Each of the social engineering attacks differs slightly in its execution," writes InformationWeek's Mathew J. Schwartz. "In the case of Facebook, for example, the scam offers people a 20 percent discount if they link their Visa or MasterCard details to their Facebook account. 'The scam claims that after registering their card information, the victim will earn cash back when they purchase Facebook points,' said Klein."
"On Gmail and Yahoo, the malware offers free enrollment into a new secure payment processing system allegedly supported by 3,000 online shops and developed in partnership with Visa and MasterCard," writes PCWorld's Lucian Constantin. "On Hotmail, the malware preys on fears of credit card fraud by offering users to sign up for a free debit card protection service similar to 3D Secure, that requires a password to authorize online transactions in addition to the card's security code."
"Like with all malware threats, be observant," advises WebProNews' Zach Walton. "Look at the URL of the page and all the text. Even if these scams look legitimate, there are always some obvious signs that they are fake. Use common sense when dealing with something that looks too good to be true, because it often is."