The die-hard Zeus banking Trojan is rearing its ugly head once again, this time posing as an enticing cash rebate for Facebook, Gmail, Yahoo and Hotmail users.
In the case of the Facebook scam, the Zeus variant uses a Web inject, rigging browsers to display a fraudulent offer for "20 percent cash back" if users link their Visa or MasterCard debit card to their Facebook account. The fake Web page prompts the victims to enter their full debit card number and expiration date, security code and PIN, Trusteer explained. Users will supposedly receive the cash rebate after they purchase Facebook credits using their credit card.
The method of attack for Gmail, Yahoo and Hotmail victims is slightly different, but the outcome is the same. In the threats Trusteer spotted, the infamous Zeus Trojan compromises the websites to display an offer for a "new online security service" that enables them to link their debit card to their Google Mail (or Yahoo or Hotmail) account.
The offer again prompts users to enter their financial information, and, like the Facebook scam, this one comes complete with logos for MasterCard SecureCode, Verified by Visa and Norton, giving it a sheen of authenticity that may be enough to convince gullible victims it's real.
"This attack is a clever example of how fraudsters are using trusted brands — social network/email service providers and debit card providers — to get victims to put down their guard and surrender their debit card information," Trusteer's Amit Klein wrote. "These Web injects are well-crafted both from a visual and content perspective, making it difficult to identity them as fraud."
Anytime a website asks for your credit card number and expiration date, make sure the site is encrypted — look for "HTTPS" and a lock symbol in the URL bar. If you're at all suspicious about the website, don't enter any financial or personal data. And remember, the better the offer, especially if it's unsolicited, the greater the chance it's a scam.