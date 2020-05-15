A new phishing case involving Mastercard cards has been unveiled. Is about a type of scam whose purpose is to obtain data from a user (keys, bank accounts, credit card numbers) through deception.

It can be produced in several ways: by a text message to a cell phone, a phone call, a website that pretends to be an entity, a pop-up window, and the most used and known, an email. Attackers usually pose as an official entity to get sensitive data that is then used to steal accounts, among other things.

This phishing campaign it starts with a message that comes through the mail with the subject “Update notice” in which the potential victim is informed of the implementation of a new security system that would disable online accounts, so that users of the service they must register again to avoid the suspension of the account.

The message invites the potential victim to click a link. However, the link is fake and redirects to a server that is not related to the company. The scammers behind the campaign are usurping the identity and possibly it is a site that was compromised and later used to host the fake site.

If the user enters the fake site that the attackers set up, they will find a web page very similar to the one that really belongs to the company whose identity was usurped.

Another interesting fact is that the page on which you are invited to enter personal data makes no reference to the security update mentioned in the email initially received, reported the security firm ESET that was in charge of finding this scam.

If the user were to enter their data, a simulation of the legitimate Mastercard site would be run and then, in effect, the victim was redirected to the legitimate site reason why the affected person believes that the process was effective. On another occasion, Infotechnology reported a very similar scam that came from Brazil.

How to protect yourself?

First of all, use common sense: see if the incoming mail comes from a legitimate address and check that everything matches. In addition, you should avoid clicking on the links that are received by mail or social networks where they later request data from bank accounts or services such as Netflix and PayPal. It is always convenient to enter through the official sites of these platforms to avoid identity theft.

Another key factor in reducing the number of victims of phishing is implementing the use of double factor authentication on all services availableas this added layer of security added helps prevent third parties from accessing our accounts in case they are victims of the theft of our access credentials in a breach.