New MasterCard Fraud Scam
Late breaking news (September 14) about the phishing scam outlined below on August 24:
September 13th saw another email phishing attempt very similar to the August 24 occurance. The Subject line contained the same reference number as below but included "Procedural Warning - Security Alert" rather than the original text. Additionally, the directions to start the security process varied from the original scam in that it asked "please login inside your account www.cucardsonline.com and follow the steps."
Phishing scam as posted August 24, 2010:
CUETS is advising members to be aware of the following phishing scam that is currently circulating. CUETS is proceeding to have the website shutdown.
The text of the phishing email reads as follows:
From: firstname.lastname@example.org <email@example.com>
To: undisclosed-recipients <undisclosed-recipients:;>
Sent: Tue Aug 17 07:46:04 2010
Subject: [Ref#58813934] Have not signed on for 32 days
Dear Customer, Your MasterCard Account is out of date.
We need you to complete your details.
To start the update process, login www.cucardsonline.com <http://cu.update-cardsonline.co.cc/EN/index.php>
to your account and follow those steps.
2010 CUETS All rights reserved.
As indicated in the information contained in the August 10, 2010 communication about the MasterCard CHOICE REWARDS e-mail scam:
You can help protect yourself by remembering this important information:
- The simplest way to protect yourself from fraudsters is to avoid clicking on any unexpected link in an email message.
- DO NOT REPLY to emails soliciting personal information. Go to the company's legitimate website and use the page labeled "Contact Us"
- Unlike these phishing e-mails, CUETS (our MasterCard issuer) will never ask you to verify personal information in response to an e-mail
- Most fake communications convey a sense of urgency by threatening discontinued service
- Many fraudulent e-mails contain misspellings, incorrect grammar, and poor punctuation
- Links within the fake e-mail may appear valid, but deliver you to a fraudulent site
- Phishing e-mails often use generic salutations like “Dear Customer,” or “Dear Account Holder” instead of your name
The address from which the e-mail was sent is often not one from the company it claims to be