What’s very interesting about this campaign is the new angle. Usually, phishers ask their victims to confirm details, claiming this is just a routine check or the result of a database gone AWOL. However, this time users are promised financial gain.

The message tries to lure recipients into signing up to MasterCard’s SecureCode by promising them a 16%t discount on their future purchases made with the card. They are invited to click on a link and follow the instructions on the web page.

As expected, the link leads to a phishing site which is identical to the real MasterCard one. Here, victims must supply confidential information such as credit card expiration date, date of birth and the three digit security code located on the back of the card. Basically, this would be enough for the cybercrooks to access the account in question and empty it.

"What’s more, phishers are putting a lot more effort into their scams these days and to the undiscerning eye, it’s almost impossible to tell this isn’t the real MasterCard site" said Carole Theriault, senior security consultant, Sophos. "Computer users must be wary of simply clicking on links in unsolicited emails and should take time to verify the site address first – it may take a little longer, but will protect your money and identity from preying cybercriminals in the long run. Also, everyone needs to use a little common sense – if it seems too good to be true, it probably is."