Visa Personal Password Phishing Scam
Unsolicited email, purporting to be from Visa, instructs recipients to secure their credit cards by clicking a link and creating a personal password (Full commentary below
(Received, April 2008)
Subject: Protect your Visa card online with a personal password
Create an additional password to protect your existing card for online purchases
We are proud to announce that Visa Europe in association with all European and U.S. banks launch a new campaign against online fraud and reward all participants with a 50.00 Euro bonus just for enroll and secure your card. Your personal bonus code is VISA-884AM-4423-2008 ( after you use the code please delete the email or keep it private, conform our privacy and policy you cannot use your code twice, for more info please visit our Privacy and Policy )
Please enroll now by clinking the Global Visa Site select your country and follow the easy steps for a better security on your card.
[Link to bogus website removed]
Do not be the next victim and fight with us against credit card fraud.
Screenshot of the scam email
Scammers are always ready to exploit genuine security initiatives implemented by financial institutions. Often, they attempt to disguise email scam attempts by claiming that recipients can increase the security of their accounts by following the instructions in the message.
Beware of scam emails claiming to be from your credit card company that ask you to click a link and provide personal information
The email discussed here claims that recipients can protect their Visa credit card for online purchases by clicking a link in the message and creating a personal password. However, the message is in fact a phishing scam and was not sent by Visa. Those who fall for the ruse and click the link will be taken to a very sophisticated, but fraudulent, website that has been designed to closely resemble the genuine Visa website. The scammers attempt to sweeten the bait by falsely claiming that customers will receive a 50 Euro bonus just for enrolling. A series of forms on the bogus website ask the visitor to provide sensitive personal and financial information including address, credit card and login details. All information supplied can be retained by the scammers and used to access accounts and for identity theft.
The criminals running this scam have mirrored their efforts on the genuine Verified by Visa
fraud prevention system offered by the credit card giant. The Verified by Visa system allows card holders to attach a personal password to their card so that online purchases cannot be made without providing the password. Customers who wish to use the system must first create a password and then activate the card. This is a popular and effective fraud prevention system.
With this scam, the scammers attempt to capitalize on the popularity of the Verified by Visa system. To further the illusion that the message is legitimate, the scammers have included seemingly genuine Visa logos, graphics and formatting in both the scam email and the bogus web pages.
Although Verified by Visa is a genuine system, Visa does not send out generic, unsolicited emails to customers that ask them to provide personal information. Information about phishing
on the Visa website notes:
If you receive an email that appears to be from your card issuer requesting financial information or any other personal data:
* Treat the email with suspicion.
* Do not reply to the email or respond by clicking on a link within the email message.
* Contact your card issuer as soon as possible to report the suspicious email. Use the number or Web site address on the back of your card or on your monthly statement.
The page also notes:
Your card issuer will never ask you to provide any kind of confidential or financial details via an email request. Your card issuer may, however, send a confirmation email after activating your Verified by Visa enrollment.
Internet users should be extremely cautious of unrequested emails that claim to be from financial institutions. Fraudsters use many different tactics to trick recipients into clicking links in such emails and handing over personal information. If you receive an email requesting personal information, do not ever click links in the message or open attachments unless you have independently verified that the message is genuine.
Verified by Visa
Visa - Common Frauds
Last updated: 3rd April 2008
First published: 3rd April 2008
Write-up by Brett M. Christensen
Verified By Visa Phishing Scam