It's a Scam...
I received a phishing e-mail today. Mom didn’t know what a phishing e-mail was and she does a little bit of internet surfing… mostly shopping. So I feel obligated to shed a little light on the subject.
Take into consideration, I am not an expert on this subject and my sole purpose here is to warn the unsuspecting of real and true dangers that lurk on the internet.
A phishing e-mail can take various forms. It will usually appear to come from a sender that will be familiar to you. The names of the senders can be the same as your bank, your credit card, or an online store. The name of the sender is to establish trust on your part.
The true e-mail address will be hidden behind a false one and appears to really come from the proclaimed source. The subject line and body of the text will also have a ring of truth to it. Within the body of the text will be information that will compel you to take action.
The action will usually require you to go to a website. A link will be provided within the e-mail. Once you get to the website several things could happen while you are there.
Your computer could be scanned for information that is saved on its hard drive, hidden programs could download onto your computer and send information back to another computer without your knowledge, or you could actually be required to enter personal and critical information, such as credit card and account numbers, as well as passwords, on the website itself. And these are just a few examples.
Most of these websites will look authentic and be finished out with the appropriate logos and language, but the phishing web page is just a cover page hiding its true purpose. A phishing e-mail’s purpose is to rob you, whether it is your money or your identity.
So how did I get this phishing e-mail? More than likely someone who has my e-mail address picked up a virus that sends an e-mail to everyone in their address book. It is also possible that my IP address (my computer’s internet address) was picked up by a pop-ad, or maybe it was scanned while I was on a website. I really despise pop-up ads because they seem to always download spyware (small information collecting programs) onto your computer, most are benign, but not all of them. Mind you, I always take note of who is “supportive” of pop-up advertising. The chances that they will sell me anything are slim because of these underhanded practices.
Since a lot of people have my e-mail address, and because I do all of my research on the internet, it is hard to tell where I could have been compromised. Even though I have a firewall and a program to prevent pop-up ads, it seems that I am not 100% ‘clear’ of this pestilence.
The e-mail that I received today was supposedly from:
"Visa Security Department"
With the e-mail address of:
noreply@visa.com
The body of the text said:
Visa Security Program
Dear client,
The VISA company informs you that in result of a failure in the Verified by Visa system, the sum of 414.95$ was taken from your card.
If you haven't made any purchases during the week, then please register in the Verified by Visa system so that the money can be recovered.
This system fully protects you from unauthorized use of your card.
If you are already registered in the Verified by Visa system, then you have to register one more time to activate your account.
Follow the link to continue the registration process.
Please note that there is a familiar name, a compelling reason for action, and a piece of truth. In this instance, there really is such a thing as a “Verified by Visa” program.
Here are a few legitimate links for you to go to in case you would like more information:
Visa Security Program, “Verified by Visa”
Visa’s Common Frauds Web Page
Contact Visa:
If you have received an email that appears to be from Visa requesting financial information or other personal data, please email phishing@visa.com to notify Visa of the specifics of the fraudulent email.
Here’s Visa’s information concerning identity theft.
I have called Visa and also sent them the offending e-mail.
Here’s the e-mail response that I have received:
Thank you for contacting Visa and questioning the email you received.
It is likely that you received what is known as a "phish", which is a
fraudulent email that attempts to collect your personal information.
Please do not reply to the suspicious email or attempt to contact the
web site mentioned within the email.
Visa has many safeguards and detection systems in place, but prompt
action by alert cardholders remains a very important method of stopping
deceitful activities. Should you receive further communication that you
deem questionable, please feel free to contact us immediately. For more
information, you may also visit our web site by entering the following
address into your browser: visa.com/security.
If you provided information to a fraudulent web site, please contact
your Visa card Issuer at the number listed on the back of your Visa
card or on your bank statement.
We appreciate your bringing this matter to our attention.
Visa Security
I had asked some specific questions in my e-mail because the person I had talked to on the phone didn’t have any answers for me. I was hoping to get more information about this problem, but all I received was this “canned” response.
Oh well… they probably thought that I was ‘phishing’ for information.
later…
Take into consideration, I am not an expert on this subject and my sole purpose here is to warn the unsuspecting of real and true dangers that lurk on the internet.
A phishing e-mail can take various forms. It will usually appear to come from a sender that will be familiar to you. The names of the senders can be the same as your bank, your credit card, or an online store. The name of the sender is to establish trust on your part.
The true e-mail address will be hidden behind a false one and appears to really come from the proclaimed source. The subject line and body of the text will also have a ring of truth to it. Within the body of the text will be information that will compel you to take action.
The action will usually require you to go to a website. A link will be provided within the e-mail. Once you get to the website several things could happen while you are there.
Your computer could be scanned for information that is saved on its hard drive, hidden programs could download onto your computer and send information back to another computer without your knowledge, or you could actually be required to enter personal and critical information, such as credit card and account numbers, as well as passwords, on the website itself. And these are just a few examples.
Most of these websites will look authentic and be finished out with the appropriate logos and language, but the phishing web page is just a cover page hiding its true purpose. A phishing e-mail’s purpose is to rob you, whether it is your money or your identity.
So how did I get this phishing e-mail? More than likely someone who has my e-mail address picked up a virus that sends an e-mail to everyone in their address book. It is also possible that my IP address (my computer’s internet address) was picked up by a pop-ad, or maybe it was scanned while I was on a website. I really despise pop-up ads because they seem to always download spyware (small information collecting programs) onto your computer, most are benign, but not all of them. Mind you, I always take note of who is “supportive” of pop-up advertising. The chances that they will sell me anything are slim because of these underhanded practices.
Since a lot of people have my e-mail address, and because I do all of my research on the internet, it is hard to tell where I could have been compromised. Even though I have a firewall and a program to prevent pop-up ads, it seems that I am not 100% ‘clear’ of this pestilence.
The e-mail that I received today was supposedly from:
"Visa Security Department"
With the e-mail address of:
noreply@visa.com
The body of the text said:
Visa Security Program
Dear client,
The VISA company informs you that in result of a failure in the Verified by Visa system, the sum of 414.95$ was taken from your card.
If you haven't made any purchases during the week, then please register in the Verified by Visa system so that the money can be recovered.
This system fully protects you from unauthorized use of your card.
If you are already registered in the Verified by Visa system, then you have to register one more time to activate your account.
Follow the link to continue the registration process.
Please note that there is a familiar name, a compelling reason for action, and a piece of truth. In this instance, there really is such a thing as a “Verified by Visa” program.
Here are a few legitimate links for you to go to in case you would like more information:
Visa Security Program, “Verified by Visa”
Visa’s Common Frauds Web Page
Contact Visa:
If you have received an email that appears to be from Visa requesting financial information or other personal data, please email phishing@visa.com to notify Visa of the specifics of the fraudulent email.
Here’s Visa’s information concerning identity theft.
I have called Visa and also sent them the offending e-mail.
Here’s the e-mail response that I have received:
Thank you for contacting Visa and questioning the email you received.
It is likely that you received what is known as a "phish", which is a
fraudulent email that attempts to collect your personal information.
Please do not reply to the suspicious email or attempt to contact the
web site mentioned within the email.
Visa has many safeguards and detection systems in place, but prompt
action by alert cardholders remains a very important method of stopping
deceitful activities. Should you receive further communication that you
deem questionable, please feel free to contact us immediately. For more
information, you may also visit our web site by entering the following
address into your browser: visa.com/security.
If you provided information to a fraudulent web site, please contact
your Visa card Issuer at the number listed on the back of your Visa
card or on your bank statement.
We appreciate your bringing this matter to our attention.
Visa Security
I had asked some specific questions in my e-mail because the person I had talked to on the phone didn’t have any answers for me. I was hoping to get more information about this problem, but all I received was this “canned” response.
Oh well… they probably thought that I was ‘phishing’ for information.
later…
posted by It's me, T.J. at Wednesday, March 08, 2006
2 Comments:
T.J., if you open the header, most likely you will see that the suspicious email originated from on overseas source, also most all phising/scam emails I get are detected as spam and go directly into my bulk mail box.
Even with my firewall and pop-up blocker, junk still gets through. I suspect the same folks who design firewalls and bop-up blockers, sell the tricks to get past them to the bad guys. yep I suspect they profit from both sides.
I tried to do that... see the original e-mail address, but I couldn't get it to show.
You're probably right, about everything else. Money drives all things.
later...
Post a Comment
<< Home