Received Fraud Attempt

sonnie · #1 (**permalink**) 01-29-2004, 08:58 PM

I wasn't sure where to post this, but most members generally check out the Breakroom from time to time. One of the sites I work on received a suspicious email sent to a specialized account. The account is used to field and answer questions from customers. In fact the email account is questions@hisdomain. The following is the email received:

Dear Sir/Madam,

We were informed that your credit card is used by another person or stolen. It could happen if you have been shopping on-line, and someone got your "Billing information" including your credit card number. To avoid and prevent any further fraud and billing mistakes and to refund your credit card, it is strongly recommended to proceed filling in the secure form on our site and applying for our Zero Liability program. Program is free and it will help us to confirm the fact of fraud and investigate this accident as soon as possible.

(A continue button was located here)

Sincerely yours, Visa Support Assistant, Alwin Desagun.

Oddly enough, the more I looked at this name, does this remind you of "I'll win this again"?

Here is the offending URL:
http://www.vbill.biz/?

In order to view the final, bogus page, popups must be allowed. When you access this URL directly, they attempt to close the page. Depending on your settings you should get a message stating this. Do not allow page to be closed, and you will see the final page. If you don't see the page, look on your bottom toolbar or alt/tab to find it. Visa? I don't think so.

This is the email I sent to the owner of the site along with the original message:

Joe, very interesting. This is a fraud attempt. Interestingly enough it came to your "questions" email on your site. If you click on the continue button, and popups are not blocked, it takes you to a site which appears to be a Visa site asking for your Credit Card info. The URL which appears in the address box is an actual Visa site, but you are not on the actual Visa site. If popups are blocked, you are taken to a blank page. If you have popups blocked on your computer by using the Google toolbar, hold down the Ctrl key while clicking the button to see the page. The service they are offering is a Visa service, but this is not Visa. Any site requesting this type of information would be a secure site ie, https://. I immediately knew this was bogus, but decided to follow it through. I am looking in to where to report this to. You may want to pass this on to the rest of the employees just for general info.

Jim

ldyguique · #2 (**permalink**) 01-29-2004, 09:26 PM

Sonnie -

This is known as a "phisher" email -- they've become quite prevalent -- Citibank was hit last week and most of the major ISPs have had more than one attempt against their customers. One should always notify both the registrar of the site and their web hosting company, and if sufficiently energied, the FBI through their website.

sonnie · #3 (**permalink**) 01-29-2004, 10:34 PM

Quote:

Originally Posted by ldyguique

Sonnie -

This is known as a "phisher" email -- they've become quite prevalent -- Citibank was hit last week and most of the major ISPs have had more than one attempt against their customers. One should always notify both the registrar of the site and their web hosting company, and if sufficiently energied, the FBI through their website.

Thank you ldyguique, I'm just going to pass this on as advised.

carbonize · #4 (**permalink**) 01-29-2004, 11:07 PM

I got the exact same email. I just grabbed the headers and sent the email to abuse@visa.com same as I do with any fraud emails.

sonnie · #5 (**permalink**) 01-29-2004, 11:12 PM

Thanks carbonize, just the info I was looking for.

Thread Tools
Show Printable Version Email this Page
Display Modes
Linear Mode Switch to Hybrid Mode Switch to Threaded Mode