Symantec researchers have spotted an unusual ransomware delivery campaign hitting mostly UK and US users: fake emails apparently coming from Visa are urging recipients to “take advantage of even more rewards and benefits in 2016.”
The email does, at first glance, look like it’s coming from an legitimate commercial source – it even contains advice for the recipient to not include credit card details in any correspondence:
“The spam campaign began as early as February 17 and is still ongoing. Although Symantec telemetry indicates the peak of the campaign may have already passed, it would not be surprising if the campaign starts picking up again since attackers behind TeslaCrypt are known to be very active,” the researchers noted.
This particular campaign targeted almost exclusively English-speaking countries.
Spam related to credit cards is goes out on a daily basis, but credit card-related spam campaigns involving malware are not that common, the researchers added, and urged users to keep their software updated and regularly back up their files.