Security researchers have alerted customers on a new spam e-mail, which attempts to scare users by asking them to make payment of overdue credit card bill. The spam e-mail identified by researchers at Sophos comes with different subject lines and seeks payment of the credit card bill within two days. The scam e-mail warns users that non-payment of the bill within two days may result in late fees and finance charges. The e-mails contain credit card details such as card number and card limit. The e-mail urges users to open the attached .zip file to view bill details.
Scammers attempt to create panic by claiming that their credit card bill is overdue by one week. Users who download the file out of panic or curiosity to check the authenticity of the claim, inadvertently download a malware on their computer systems. Security researchers at Sophos have detected the malware as Troj/Invo-Zip. The Trojan arrives in a Zip file and attempts to download more malware into the compromised machine. The malware affects Windows operating system.
Scammers also attempt to defraud users by sending URLs or image and video files related to an event or celebrity. Scammers may also send a fake invoice related to a parcel service or entice users to fill a malicious form for tax refund. In one of the recent spam attack, scammers attempted to capitalize the death of pop singer Amy Winehouse to download malware and compromise computer systems.
Internet users must not click on suspicious links and avoid downloading attachments in e-mails with suspicious claims. They must regularly update the security software to benefit from the latest virus and malware definitions added by the vendor. They may keep track of the security updates by visiting the websites of Computer Emergency Response Teams (CERTs) and product developers. E-learning and online degree programs may help Internet users in gaining insights on security threats and safe online computing practices.
Scammers may also target employees through social engineering techniques. As such, organizations must update employees on the latest threats through training sessions and e-alerts. They may also encourage employees to undertake online university degree programs to gain understanding of the security fundamentals and improve their cyber security practices.
Professionals qualified in masters of security science help organizations in making assessment of different threats in the IT environment and initiate corrective measures.
