Latest 'phishing' scam targets Visa customers

E-mails advise consumers to 'reactivate their accounts'

Security experts are warning of a new Internet scam that preys on Visa credit card holders, using e-mail and a specially designed Web site to harvest customer account numbers and personal identification numbers.

The ruse is the latest example of so-called phisher scams and comes as one e-mail security company reported that incidents of such scams, which use decoy Web pages and spam messages to trick unsuspecting users into divulging sensitive information, were up 400% this holiday season.

Visa International Inc. didn't respond to requests for comment.

The new phisher came to light after Internet users began receiving e-mail messages purportedly coming from "Visa International Service." The messages claimed that Visa had implemented a new "security system to help you to avoid possible fraud actions" and asked users to click a link to "reactivate your account," according to messages posted in Full-Disclosure, an online discussion list frequented by computer security experts.

The message contained a Web link that appeared to direct users to, Visa International's official Web site.

However, security experts who looked at the HTML message's source code discovered that the link actually directed users to a Web page at an Internet address that doesn't belong to Visa, according to messages posted on Full-Disclosure.

The Web site has since been taken down.

E-mail security company Tumbleweed Communications Corp. said earlier this week that reports of e-mail fraud and phishing scams are up 400% this holiday period.

Tumbleweed based its findings on reports of scam attacks submitted to, a Web site run by the Anti-Phishing Working Group, an industry group that Tumbleweed helped found, the company said in a statement.

Tumbleweed identified more than 90 unique e-mail fraud and phishing attacks in the past 60 days, including scams like the Visa attack that spoof the origin of e-mail messages and feature links to fraudulent Web pages that collect user information.

Tumbleweed and the Anti-Phishing Working Group estimate that more than 60 million e-mail scam messages were sent in the past two weeks seeking to take advantage of increased online transactions during the holiday season.

On average, 5% of recipients responded to the scam e-mail, Tumbleweed said.


Copyright © 2003 IDG Communications, Inc.

7 inconvenient truths about the hybrid work trend
Shop Tech Products at Amazon