All the latest UK technology news, reviews and analysis

Verified by Visa phishing attack spotted

by Phil Muncaster

19 Nov 2009

Comment: 1

  • Tweet this
Phishing
Phishing scams are becoming increasingly sophisticated

Security experts warned today that the Verified by Visa online authentication scheme has become the latest lure used by phishers hoping to harvest personal information from unsuspecting shoppers.

The scam begins with users being sent an email inviting them to join the scheme, but clicking on the link takes them to a fake site (see screenshot below).

Andrew Brandt, a malware researcher at Webroot, explained in a blog post that the site then requests "all the information you gave the card-issuing bank at the time you first signed up for the credit card".

"That's Red Flag number one, but it's worth repeating. In a real sign-up form for Verified by Visa, you won't be asked to provide your mother's maiden name, social security number, birth date, or any other sensitive details that you wouldn't otherwise enter into a web-based order form while shopping online," he said.

"The page created by the phishing gang responsible for this scam is clearly more professional, slick and clean than most phishing pages. The form's businesslike appearance serves to reassure the victim that the page really belongs to Visa."

Nigel Hawthorn, European vice president of marketing at network security vendor Blue Coat Systems, added that users need URL filtering technologies as standard, because regular anti-virus tools will not protect against visiting phishing sites such as this.

Phishing-grab

"The initial lure is sent out by email but the real threat is via the web, so you need to make sure you have web defences and not just email and spam defences," he said.

Hawthorn added that Verified by Visa has been held up as such a "paragon of virtue" in protecting users against online threats that it is a natural place for the criminals to strike.

Do you agree?

 

Add your comment

We won't publish your address
By submitting a comment you agree to abide by our Terms & Conditions. Your comment will be moderated before publication.

Poll

Flame virus poll

Are you confident that the UK's IT infrastructure is secure from attack in the wake of the Flame malware revelations?

36%

0%

10%

54%

Connect with V3.co.uk

Sign up to our daily or weekly newsletters

Symanteccloud

Social networking: a guide for IT managers

Social networking is almost ubiquitous. This white paper examines the benefits and risks and it looks at the different ways companies can reconcile them

Riverbed

Mitigating the risks of IT change

The importance of understanding your infrastructure

C# Developer - Leamington Spa

C# Developer - .Net Developer ( C#/ASP.Net ) - Warwick...

ITIL Service Desk Manager / Incident Manager. Lancashire

ITIL Service Desk Manager / Incident Manager required...

Project Manager IP, MPLS Networks, London EC1

Client Facing Project Manager, Project Management, Managed...

Project Manager, IPT, VoIP - North West or Midlands

Client Facing Project Manager, Project Management, IPT...

To send to more than one email address, simply separate each address with a comma.