Security researchers warn of a new phishing attack that targets Brazilian credit card owners by spoofing e-mails from MasterCard’s Surpreenda (surprise) program.
Spam analysts spotted the new campaign from Commtouch, who notes that unlike classic phishing schemes where users are threatened into exposing their sensitive information, this attack tries to lure them with rewards.
In order to achieve this they spoof communications related to MasterCard Surpreenda, an advantage program that lets credit card owners earn reward points when making purchases. These points can then be spent in “pay one, take two” promotions, where the second product can be sent as a gift to someone.
The rogue e-mails purport to come from surpreenda@redecard(dot)com.br and bear a title of “Participate in the MasterCard Surprise Promotion - RedeCard” [translated]. It is likely the phishers hijacked legit e-mail advertising the program and only changed the destination of the link inside.