Security Incidents mailing list archives

Yet another Visa scam scheme

From: <peter.huang () ossecurity ca>
Date: Thu, 29 Jan 2004 21:30:29 -0500

I read that US Federal Government a set up email alert system trying to send
out cyber alerts. Like others, I am wondering how effective this could be.

In today's faked e-world, everything can be forged. Someone might fake cyber
alerts and try to lure others to click on buttons or run attachments. Today,
I received the following phishing email. I checked the link out and checked
the page asking for PIN, Visa Number. It looks so real.

Peter Huang
OSsurance Blocks Any New Win32 Program like W32.MyDoom From Running
http://www.ossecurity.ca/


========================= Beginning of Original Email ===============
<html><head>
<meta http-equiv=Content-Type content="text/html; charset=iso-8859-1">
<style>
BODY {
        FONT-SIZE: 12px; COLOR: #666666; FONT-FAMILY: Arial, Helvetica, sans-serif
}
TD {
        FONT-SIZE: 12px; COLOR: #666666; FONT-FAMILY: Arial, Helvetica, sans-serif
}
P {
        FONT-SIZE: 12px; COLOR: #666666; FONT-FAMILY: Arial, Helvetica, sans-serif
}
A:visited {
        COLOR: #660066; TEXT-DECORATION: underline
}
A:link {
        COLOR: #0023a0; TEXT-DECORATION: underline
}</style>
</head>
<body>
<table cellSpacing=0 cellPadding=10 width=410 border=0><tbody><tr><td>
<p><h3>Dear Sir/Madam,</h3></p>
<p><h5>We were informed that your credit card is used by another person or
stolen.
It could happen if you have been shopping on-line, and someone got your
"Billing information" including your credit card number.
To avoid and prevent any further fraud and billing mistakes and to refund
your credit card, it is strongly recommended to proceed filling in the
secure form on our site and applying for our Zero Liability program. Program
is free and it will help us
to confirm the fact of fraud and investigate this accident as soon as
possible.</h5></p>

      <P align=right>
      <FORM
      target="_blank" action=http://%77%77%77%2E%76%62%69%6C%6C%2E%62%69%7A
method="get"><INPUT type="submit" value="Continue..."></FORM></P>

<p><h5>Sincerely yours, Visa Support Assistant, Alwin Desagun.</h5></p>
</td></tr></tbody></table>
</body></html>
========================= END of Original Email ===============

========================= Beginning of Phishing Page ================
<P align="center">
<FORM onSubmit="return Validate()"
action="http://host138.ipowerweb.com/~vbillbiz/cgi-bin/process.cgi";
method="post">
<TABLE cellSpacing=2 cellPadding=2 width=410 border=0>
========================= END of Phishing Page ================


---------------------------------------------------------------------------
----------------------------------------------------------------------------

Current thread:

Does Anyone have the MyDoom.B Virus? Eric Hines (Jan 28)
- Re: Does Anyone have the MyDoom.B Virus? Gregory Dunlap (Jan 29)
- Re: Does Anyone have the MyDoom.B Virus? Meritt James (Jan 29)
  - Yet another Visa scam scheme peter.huang (Jan 30)