Hackers are now targeting social media more heavily. Rogue rebate offers are showing up in Facebook, Gmail, Yahoo and Hotmail. The fake rebate offers and bogus "secure payment" options are aimed at getting users to part with their debit card information.
Each attack appears slightly different on each site, but, as Amit Klein, CTO of Trusteer, announced, it is a peer-to-peer variant of the Zeus platform that leverages trusted relationships and well-known brands to convince users to sign up for services that purportedly better secure debit card transactions. "In the first attack against Facebook, the malware uses a web inject to present the victim with a fraudulent 20% cash back offer by linking their Visa or MasterCard debit card to their Facebook account," Klein wrote in a blog post. "The scam claims that after registering their card information, the victim will earn cash back when they purchase Facebook points. The fake web form prompts the victim to enter their debit card number, expiration date, security code and PIN." Even more misleading, the form carries a fraudulent footnote explaining that the debit card PIN is for verification purposes only and should never be disclosed to anyone, including friends and family.

In attacks against Gmail, Hotmail and Yahoo users, the malware offers a new authentication service from Verified by Visa and MasterCard Secure. Although many merchants require a 3D Secure password to complete online transactions, Klein notes that this attack doesn't compromise 3D Secure itself but instead uses the Visa and MasterCard brands to add credibility.
The scam that targets Google Mail and Yahoo users claims that by linking their debit card to their web mail accounts, all future 3D Secure authentication will be performed through Google Checkout and Yahoo Checkout respectively. It also tells Hotmail users that, without the 3D Secure code, they won't be able to use Hotmail to make online purchases. The fraudulent site also claims that participation in the program protects against future fraud. Trusteer believes this is the first time a web injection attack has targeted 3D Secure. The company does not know how many users have fallen victim to this scam, but the numbers could be huge considering the clever social engineering and the popularity of the targeted providers.