The phishing e-mail masquerades as a message from MasterCard encouraging users to sign up for the card network's SecureCode protection programme and offering a 16% discount on future purchases made with the card.

Users that click on the link in the spam mail are re-directed to a spoofed phishing site and told to supply confidential data including credit card expiration date, date of birth and the three digit security code located on the back of their plastic card.

SecureCode was introduced by MasterCard in 2002 to protect confidential cardholder data over the Internet. The system requires customers making online purchases to verify their identity with a password.

Carole Theriault, senior security consultant, Sophos, says: "MasterCard has been very successful in positioning SecureCode as the answer to online fraud, and with so many computer users growing increasingly worried about the risks of shopping online, the prospect of greater security and money off can be too much to resist."

"What's more, phishers are putting a lot more effort into their scams these days and to the undiscerning eye, it's almost impossible to tell this isn't the real MasterCard site," she adds.