Issue 140 - October 2012 (1st Edition) - Page 3
Visa - Mastercard 'Security Incident' Phishing Scam
Email claiming to be from the "Identity Theft Department
" of both Visa and Mastercard warns recipients of a security incident that may have put their financial information at risk. The email asks recipients to click a link to activate their credit cards.
The message has no connection to either Visa or Mastercard or any of their service providers. The email is a phishing scam designed to trick users into divulging their credit card details to online fraudsters.
Detailed analysis and references below example.
Last updated: September 27, 2012
First published: September 27, 2012
Article written by Brett M. Christensen
About Brett Christensen and Hoax-Slayer
Subject: Your personal informations are compromised
Dear valued customers,
During the past few days, we had been warned and notified regarding some
problems in relation to our internet websites safety and security by
Cryptico (a security consortium), the main ideas behind this e-mail is to
inform you about a security incident. Unfortunately, your online banking and
credit card credentials are now at risk!
Please visit the following link to activate your credit card informations:
The Identity Theft Department
Visa / Mastercard in collaboration with Interac Online.
continually target user of both Visa
and Mastercard credit cards in various ways. In this attack, the scammers have concocted a generic message designed to extract credit card information from customers of both companies. The scam email masquerades as a customer notification that alerts users to a supposed security incident in which customer online banking and credit card credentials were compromised.
In reality, the email has no connection at all to either Visa or Mastercard.
Nor is it in anyway associated with Interac Online
, as claimed in the email.
The message advises users to click a link to activate their "credit card informations", thereby, presumably, alleviating the security risk to their accounts.
People who click the scam link will be taken to a fraudulent website and asked to start the activation process by providing either their Visa or Mastercard number. Although the fake form is not hosted on a secure (https:) site
as all genuine online financial transactions would be, the scammers have made an attempt to make the process seem more authentic by providing a typical image based security code field:
Users who enter the requested details will then be taken to further fake pages that request more financial and personal details. All information submitted on the bogus form will be sent to online criminals and used to make fraudulent transactions in the victim's name.
Legitimate credit card providers will never request customers to click a link and provide their financial information on an unsecure website. It is always safest to login to your online accounts by entering the account website address into your browser's address bar.
The scammers responsible for this phishing expedition sign themselves off as "The Identity Theft Department". Ironically, this is in fact quite an apt description for the scammers since they are indeed engaged in fraud and identity theft.
Phishing Scams - Anti-Phishing Information
Visa Card Violated Phishing Scam
Difference Between http and https
Pages in this issue:
- Miley Cyrus 'Sex Tape' Facebook Scam
- AT&T 'Account Limit Exceeded' Phishing Scam
- Visa - Mastercard 'Security Incident' Phishing Scam
- 'Letter from Barack Obama' Advance Fee Scam
- 'Blue Tiger' Picture on Facebook
- Better Business Bureau 'Complaint Received' Malware Emails
- Facebook Survey Scam - Free £100 ASDA Voucher
- Windows Email Security Update Phishing Scam
- Gmail 'Free Apple iPad Reward' Survey Scam
- 'Personal Assistant' Money Laundering Scam