27.02.2012,

Author:  SB

Sophisticated MasterCard spam unsettles German-speaking internet users

Scamsters copied and edited original MasterCard design

The email reaching the inboxes is an example of an exacting piece of scam fraudsters produced. The style of language, the orthography and the matching design make this fake email appear quite credible. Even the picture is taken from the original MasterCard website. The only thing one might wonder about is the absence of a MasterCard logo.
Screenshot of a sophisticated MasterCard spam mail

Obviously, the site linked to is not one that belongs to MasterCard Incorporated or MasterCard Europe! It is a phishing site that looks as convincing as the email - because it is a copy of the genuine website. But the fraudsters updated it with a transparent overlay that alerts the visitor as follows:

“Dear customer,
Due to safety deficiencies in some major German online shops we are forced to let our customers undergo a card verification process. If you own a MasterCard, we recommend you immediately perform this verification process to avoid a possible card blocking. If you do not verify your card, we are forced to block your card within two days, for your own safety.”


Any click on this page leads the visitor to a second website, which also is a copy of the original MasterCard website. Noticed the different navigation bars? This is now the real phishing page! All data disclosed in the form presented will be sent to the fraudsters right away.

Some more notable details about this campaign:

  • The word “allfällig”, used in the German overlay on the fake website, is a word originating from Austria and Switzerland. It is not commonly used in Germany. This might be a hint regarding the origins of the spam mail campaign.
  • Conducting a Google image search for “Harald Fischer MasterCard”, an alleged member of the MasterCard security team Germany, results in the exact same signature that is shown in the overlay, as first hit. Something a security expert would clearly avoid!
  • We wonder if the website copycats did not realize the huge security claim on the genuine website’s left hand side. Or did they leave it there to appear even extra-credible?!
    “Important note
    Current consumer information regarding data theft (phishing)
    Get to know more”


What you need to know

Banking spam mails like this are not an entirely new threat, but the methods, styles, companies attacked and quantities vary. Therefore, it is vitally important to be informed about the basic concepts of such banking scams, to be able to identify it and therefore avoid it! Have a look at another recent banking spam example at the bottom of this article.

  • Emails from unknown senders should be treated with caution. If an email looks very strange, here's what to do: ignore it, delete it, but under no circumstances open attachments or click on URLs.
  • Reflect if this email is really meant for you! You do not own a MasterCard / PayPal / ING / eBay or similar account? Why would you then receive emails from these services with account suspension threats etc.?
  • Never disclose any personal information and/or bank data - either via email or on dubious websites.
  • Spam email should never be responded to. All a response does, is indicate to the fraudsters that the address they wrote to is actually valid.
  • Use an up-to-date, comprehensive security solution with a virus scanner, firewall, http scan and real-time protection. A spam filter, to get rid of unwanted spam in the first place, is a must-have, too.


If you want to read more about the scamsters’ tricks regarding emails, feel free to read our G Data whitepaper about “dangerous emails”, currently available in German, French, Dutch, Spanish and Italian.

Search