Webroot reports on fake Verified by Visa phishing scam

According to a blog posting by Webroot, the phishing scam commences with a phishing email advising the recipient that he or she can now sign up for Verified by Visa, an online authentication system designed to enhance security for online shoppers.

Whilst the Verified by Visa security scheme is legitimate, Webroot noted that the phishing email links to a bogus page that logs your credentials for - presumably - later use by the fraudsters.

"The thing is, you don't have to go to a special web page to sign up for Verified by Visa. You are supposed to be offered the chance to sign up while you're completing your purchase on the participating merchant's web site, as you're entering your billing details", said the blog posting.

"The Visa website spells this out in a simple graphic (though there have been some interesting problems with the way the system works)", it added.

According to Webroot, in the Verified by Visa phishing scam, users are sent to a web page that asks you for the information you gave the card-issuing bank at the time you first signed up for the card.

"That's red flag #1, but it's worth repeating: In a real sign-up form for Verified by Visa, you won't be asked to provide your mother's maiden name, social security number, birthdate, or any other sensitive details that you wouldn't otherwise enter into a web-based order form while shopping online", the blog notes.

The other red flags include the lack of a secure (https) connection and the registration of the domain name used by a Google email account.


What’s Hot on Infosecurity Magazine?