From SecureCode to Verified by Visa

Filed Under: SophosLabs, Spam

Approximately two weeks ago, we mentioned a phishing attempt targeting Mastercard's SecureCode service [1]. We expected to see similar attempts targeting Visa's counterpart service, Verified by Visa. Today, we received one of the first samples:

Verified by Visa phishing email

The email comes with a forged verifiedbyvisa.com "From" address and provides plenty of links to the real Verified by Visa page. The "Activate Now" button, however, takes you to a phishing page hosted on a compromised domain:

Verified by Visa Phishing page

The phish page asks for various identity information, including a user's Visa card number, 3-digit security ID, ATM PIN, Social Security Number, mother's maiden name, full address, and phone number. The security key creation portion of the site provides two boxes for entering the new key:

Verified by Visa Phishing page (Security Key)

The help link for the security key, however, directs a user to the Yahoo! Security Key page:

Help for Yahoo Security Key

If an unsuspecting user visits the link, chances are they will get suspicious and start wondering what Yahoo! IDs have to do with Verified by Visa. So, this phish site is not very well constructed. This phish campaign also lacks the enticing 16% purchase discount offered by the previous attempt.

Hopefully, even non-alert users would recognize this phishing attempt due to the inconsistencies on the site. On the other hand, alert computer users employing safe computing practices would not have clicked on the link in the first place.
