Will MasterCard breach breed new wave of phishing?

Email users are being warned to be on the lookout for new social engineering techniques attempting to exploit the widely-publicised theft of up to 40 million credit card account details from a transaction processing firm.

With a great many Discovery, MasterCard and Visa customers likely to be worried about the effect on them of the world's largest card security breach it is likely phishers will try to prey upon their uncertainty.

Users may receive emails purporting to come from their credit card company asking them to enter their details and card numbers for the purposes of fraud protection or to reactivate their account.

Often emails may even claim a fraud has been committed and against the backdrop of last week's data breach many users will assume that news is legitimate.

Such scams are nothing new but on the back of such a high profile breach it's likely some phishers will try their hand at such an obvious target, said Peter Dorrington, head of fraud solutions at SAS.

"Social engineering is a common technique," said Dorrington. "It needs an instigating hook and the timeliness is certainly there in this case."

He warned that links may even open pages from the very websites they set out to spoof, capturing data along the way. "Some of these phishing scams are very clever," he said.

"We're dealing with people with no morals or scruples here and it's not always only idiots who fall for this," he added, saying that in the days following the MasterCard breach it's likely even savvy customers may be caught off-guard.

Dorrington said any customers who receive any contact via email or telephone purporting to be on official bank business should request a case reference number and then call the number on the back of their bank or card statement to verify it.

Romanian antivirus software vendor BitDefender has said the media attention surrounding the huge data theft may also spawn socially engineered viruses.

BitDefender predicts email users may be directed to spoofed pages where viruses and Trojans could easily be downloaded.

A spokesman for BitDefender said anything that does happen will happen this week as "such attempts must work within the limited attention span imposed by modern media".