Debunking email hoaxes and exposing Internet scams since 2003!


Hoax-Slayer Logo Hoax-Slayer Logo

DividerDivider
Home    About    New Articles    RSS Feed    Subscriptions    Contact
DividerDivider
Bookmark and Share









Verified By Visa Phishing Scam

Summary:
Email claiming to be from Visa asks recipients to click a link and provide account information in order to activate the "Verified by Visa" security program (Full commentary below).



Status:
False - The message is a scam designed to steal financial information.

Example:(Submitted, February 2007)
Subject: Activate Now For Verified By Visa

Visa LogaVerified by Visa Logo

Dear VisaŽ customer,

Before activating your card, read this important information for cardholders!

You have been sent this invitation because the records of Visa Corporate indicate you are a current or former Visa card holder.To ensure your Visa card's security, it is important that you protect you Visa card online with a personal password. Please take a moment, and activate for Verified by Visa now.

Verified by Visa protects your existing Visa card with a password you create, giving you assurance that only you can use your Visa card online.

Simply activate your card and create your personal password. You'll get the added confidence that your Visa card is safe when you shop at participating online stores.


Activate Now for Verified by Visa

Thank you for your support.
Visa Service Department




Commentary:
This email claims to be from credit card provider, Visa and instructs recipients to follow a link to activate "Verified by Visa" security protection on their card. However, in spite of the seemingly genuine logos and formatting in the message, it does not originate from Visa. Instead it is a phishing scam intended to steal financial information. Those who do click on the link in the message will be directed to a fake website designed to closely resemble a genuine Visa web page. The fake site will request details about the cardholder's account which can then be harvested by the scammers running the phishing operation. In this way the scammers can gain all the data they require to use the compromised card for fraudulent transactions. Phishing scam attacks that use very similar tactics have been launched a number of times over the last few years.

Ironically, "Verified by Visa" is a genuine security program designed to protect consumers from credit card fraud. Cardholders are able to activate the security program by providing a credit card number on a secure Visa web page. The scammers have capitalized on this genuine program by diverting victims to a totally bogus activation process.

Visa has published information about phishing and other scams on its website and includes the following advice:
If you receive an email that appears to be from your card issuer requesting financial information or any other personal data:
  • Treat the email with suspicion.
  • Do not reply to the email or respond by clicking on a link within the email message.
  • Contact your card issuer as soon as possible to report the suspicious email. Use the number or Web site address on the back of your card or on your monthly statement.
In fact, you should be suspicious of any unsolicited email that asks you to click a link and provide personal or financial information. Phishing scammers continually target many financial institutions such as banks and credit card providers.

Learn more about Phishing



References:
Verified by Visa security program used as bait in phishing scams
Visa Security Program

Last updated: 7th March 2007
First published: 7th March 2007

Write-up by Brett M. Christensen