Latest e-mail fraud scheme / scam

… received an e-mail this morning from “Visa International Service” ( www.visa.com and ‘reactivate my account’ through their security system… hmmmm

Just thought I’d pass this on - see if anyone else gets this same ( presumably what will be a mass ) e-mail.

I am guessing this is a similar scam along the lines of the very recent PayPals security e-mail thing a few weeks back.

I don’t know if that email is a fraud or not because it directs you to the official visa site. But, it does seem to run contrary to visa’s policy.

Here’s a quote from http://www.visa.com

You should definitely let visa know about the email you received; they are in a position to lose a lot more money than each individual customer does.[/url]

Are you quite sure that the email was directing you to “visa.com”? Most of the emails of that sort which I receive have mangled the URLs so that, although they LOOK at first glance like they’re going to the official site, they’re really going somewhere radically different. They’re just putting “visa.com” or “microsoft.com” (or whatever) somewhere in the text to fool you.

If the URL actually directed you to “visa-security.com”, then it is pretty obviously a fraud. You can look up who owns a domain through the WHOIS system at any registrar, for example at
registrar.godaddy.com/whois.asp … &authGuid=

If you do that for visa-security.com, you find out that some schmuck allegedly in California has registered it through Tucows, and it’s being hosted out of Canada. Pretty obviously not an official Visa domain.

scumbags - thanks for the warning, i’ll keep an eye out

oh btw, it’s very easy mask your real website
example: http://www.google.com

looks like google right? move your mouse over to see it’s true destination

this is how they try to fool you with URL’s, take a look at this simple one

www.highstbank.com@fraudsterscrooks.ru

Looks like highstbank.com, right ? wrong. Notice the at sign ? everything before the @ is a user name and is usually ignored, the real url is afterwards.

URLs can be very cryptic, using numeric IP, hex codes etc…
try this one:

http://www.yahoo.com@216.239.57.99/

Forumosa won’t show that as a link properly, you’ll have to copy and paste it into your browser. URLs can get a lot more complicated and hidden than that.

I think this is the URL in that spam:<a href="http://www.visa.com :UserSession=2f6q9uuu88312264trzzz55884495&usersoption= SecurityUpdate&StateLevel=GetFrom@61.252.126.191/verified_by_visa.html">http://www.visa.com</a>
As you can see, it shows as www.visa.com then a load of meaningless numbers, then a @, then the REAL website address hidden in the middle (61.252.126.191) which is an address in Korea

Another possibility is this new IE6 flaw, which allows scammers to make IE6 display a different URL from what it actually is referencing:
news.yahoo.com/news?tmpl=story2& … &printer=1

[quote]

Good Morning, This is James from Swiftpay customer service. I'm e-mailing you to inform you that user: John94 has sent you $124. Please login to your swiftpay account and claim your secured funds. To recieve your funds you need to have a valid and up to date swiftpay account. Please ><a href="http://swiffer.hypermart.net/cgi-bin/signup.pl" onclick="exit=false"CLICK HERE to sign up if you do not already have an account. Your money will remain in your account pending a claim for 96 hours at which time it will be held to protect against possible money laundering and fraud. Have a nice day Sincerely, Swiftpay Customer Service [jsmith@swiftpay.com](mailto:jsmith@swiftpay.com) [/quote]

This is one I got a few weeks ago, a quick search on the web found them to be a fraud also, but this has been going on for years, apparently.

Yahoo! news just posted this scam… I can’t believe how long it takes to actually report this kind of news. But I guess the site that www.visa.com redirected you to has been down for a long time.

Yahoo! visa card scam news