Visa Targeted (Again) by Zbot Phishers


By Andrew Brandt


The gang of malware distributors who are currently flooding the Internet with bogus Facebook “Update Tool,” CDC “H1N1 Flu Vaccination Profile,” and IRS “Tax Statement” emails and Web pages are at it again — this time, targeting Visa with a fake email alert that leads to a page that not only hosts a Trojan-Backdoor-Zbot installer, but performs a drive-by download as well. This is the second time in less than a month that malware distributors have targeted Visa; just before Thanksgiving, we saw a similar scam involving links to bunk Verified By Visa Web pages.

I’d say it’s ironic that malware distributors are using fraudulent transaction warnings as a method to infect users with a keylogger capable of stealing their credit card information when the victim enters it into a shopping Web site, but Visa doesn’t issue these kinds of warnings — the Visa-card-issuing banks warn customers of suspected fraud themselves, and they never do anything with that level of urgency via email.

Once you click through to the Web page, you end up on a page dressed up in its holiday best to look like an official Visa Web site. The top of the page even has your credit card number printed on it! Well, not the whole credit card number. It just prints the number “4XXX XXXX XXXX XXXX” (then goes on to say “to protect your private information, part of the card number is hidden with X’s”). How considerate.

Of course, all bank-issued Visa card numbers in the US are sixteen digits long and begin with a “4,” so it’s actually a pretty good guess that the Visa in your wallet right now looks just like that.

The bogus Web page even sports a URL that begins with “reports.visa.com,” followed by a random six- to eight-character domain name, but there the similarities end. The servers hosting the fraudulent pages are based in foreign countries, such as Morocco, where you wouldn’t expect a major company like Visa to operate its Web presence, on networks known to harbor both Koobface and Zbot Trojans. The text on the page claims to have a downloadable transaction report for your card. If you haven’t already guessed, the “statement” is just an installer for the Trojan.
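The hostname trick described above can be checked mechanically in a mail or proxy filter. The following is an added example, not code from the original post: it flags hosts where visa.com appears among the subdomain labels of a different registrable domain. The sample URLs are constructed, and the suffix set is a small stand-in for the full Public Suffix List.

```python
from urllib.parse import urlsplit

BRAND_DOMAINS = {"visa.com"}  # domain the article says is being imitated
# Assumption: tiny stand-in for the Public Suffix List (multi-label suffixes only).
MULTI_LABEL_SUFFIXES = {"co.uk", "com.au", "co.ma"}

def registrable_domain(host):
    """Return the domain an attacker would actually have to register."""
    labels = host.lower().rstrip(".").split(".")
    if len(labels) >= 3 and ".".join(labels[-2:]) in MULTI_LABEL_SUFFIXES:
        return ".".join(labels[-3:])
    return ".".join(labels[-2:])

def brand_lure(host):
    """Return the brand domain embedded in the subdomain part, or None."""
    host = host.lower().rstrip(".")
    reg = registrable_domain(host)
    if reg in BRAND_DOMAINS:
        return None  # host really is under the brand's own domain
    prefix = host[: len(host) - len(reg)].rstrip(".")  # labels left of reg
    for brand in BRAND_DOMAINS:
        # Match whole labels only, so "notvisa.com" does not count.
        if f".{brand}." in f".{prefix}.":
            return brand
    return None

def scan(urls):
    """Return (url, brand, registrable domain) for every lure URL found."""
    hits = []
    for url in urls:
        host = urlsplit(url).hostname  # None when the URL has no scheme/host
        if host and (brand := brand_lure(host)):
            hits.append((url, brand, registrable_domain(host)))
    return hits

# Constructed sample URLs; .example is a reserved TLD.
SAMPLE_URLS = [
    "http://reports.visa.com.qwxkzpt.example/statement",
    "https://reports.visa.com/statement",
    "http://notvisa.com.qwxkzpt.example/",
    "http://visa.com.login.qwxkzpt.co.ma/",
]

if __name__ == "__main__":
    for url, brand, reg in scan(SAMPLE_URLS):
        print(f"{url}: imitates {brand}, really hosted under {reg}")
```

The reported registrable domain is the part worth blocking or looking up, since the leading labels are free for the attacker to choose.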


Faux “Verified By Visa” Phishing Scam Targets Holiday Shoppers


By Andrew Brandt


When you sign up for a credit card — even with one of those pre-approved applications — you still have to provide the bank with your name, address, mother’s maiden name, social security number, and a host of other personally identifiable information. Once the bank issues the card, it shouldn’t ever need to ask you for all of that information again. But a phishing scam making the rounds this week — one that appears to be targeted at holiday shoppers who buy gifts online — aims to fool victims into doing just that.

The scam begins with an email, informing the recipient that they can sign up for Verified by Visa, a real program offered by the eponymous credit card company. The email links to a bogus page (part of which is shown at left) designed to lure an unsuspecting online shopper into the trap. (And this is only one of several scams you should watch for, leading up to Black Friday, Cyber Monday, or whenever it is you decide to go online for deals on that fruit basket for Grandma. Webroot released findings today on additional data-stealing malware, and on the larger pool of online shoppers this year that it appears to be targeting.)

Once you register with the (real) Verified by Visa service, participating merchants permit you to enter a password along with your card information. Besides giving the purchaser an extra layer of safety, the password also gives the merchant some assurance that larger-than-normal transactions (like the ones you make during holiday shopping season) will be approved quickly, without triggering fraud alerts.

The thing is, you don’t have to go to a special Web page to sign up for Verified by Visa. You are supposed to be offered the chance to sign up while you’re completing your purchase on the participating merchant’s Web site, as you’re entering your billing details. The Visa Web site spells this out in a simple graphic (though there have been some interesting problems with the way the system works).

In the phishing scam, you’re sent to a Web page that asks you for, essentially, all the information you gave the card-issuing bank at the time you first signed up for the credit card. That’s Red Flag #1, but it’s worth repeating: In a real sign-up form for Verified by Visa, you won’t be asked to provide your mother’s maiden name, social security number, birthdate, or any other sensitive details that you wouldn’t otherwise enter into a Web-based order form while shopping online.
