Scam Targets Visa Customers
Boost in 'phisher' tricks includes message directing victims to fake site.
Paul Roberts, IDG News Service
Wednesday, December 24, 2003

Security experts are warning of a new Internet scam that preys on Visa credit card holders, using e-mail and a specially designed Web site to harvest customer account numbers and personal identification numbers.

The ruse is the latest example of phisher scams and comes as one e-mail security company reports a jump in such scams. Such hoaxes typically use decoy Web pages and spam e-mail messages to trick unsuspecting users into divulging sensitive information.

Visa International did not respond to requests for comment.


Misleading Message
The new phisher incident came to light after Internet users began receiving e-mail messages purportedly coming from Visa International Service. The messages claimed that Visa had implemented a new security system to help you to avoid possible fraud actions and asked users to click a link to reactivate your account, according to messages posted in Full-Disclosure, an online discussion list frequented by computer security experts.

The message contained a Web link that appeared to direct users to www.visa.com, Visa International's official Web site.

However, security experts who looked at the HTML message's source code discovered the link really directed users to a Web page at an Internet address that does not belong to Visa, according to messages posted on Full-Disclosure.

The Web site has since been taken down.

Customers of both Citibank and Wells Fargo have been hit by similar scams in the past few months.


Fraud Takes No Holiday
E-mail security company Tumbleweed Communications says reports of e-mail fraud and phishing scams are up 400 percent this holiday period.

Tumbleweed bases its findings on reports of scam attacks submitted to Anti-Phishing.org, a Web site run by the Anti-Phishing Working Group, an industry group Tumbleweed helped found, the company says in a statement.

Tumbleweed has identified more than 90 unique e-mail fraud and phishing attacks in the last 60 days. Among them are scams like the Visa attack, which spoof the origin of e-mail messages and feature links to fraudulent Web pages that collect user information.

Tumbleweed and the Anti-Phishing Working Group estimate that more than 60 million e-mail scam messages have been sent in the last two weeks and seek to take advantage of confusion and increased online transactions during the holiday season.

On average, 5 percent of recipients responded to the scam e-mail, Tumbleweed says.

More at PCWorld