?

Log in

No account? Create an account
Previous Entry Share Next Entry
A Phish I Haven't Seen Before
Flash
lil_shepherd
After being hacked yesterday, I might just have been worried enough to fall for this one...

An e-mail from VBV/MSC claiming to be Verified by Visa/Mastercard, saying that my password for this had been attempted three times yesterday, and that I just needed to change it. They might have got away with it if it hadn't been for those pesky kids included a link.

Oh, yeah. Sure.

For the record, Verified by Visa never send e-mails asking you to change your password (so they tell me) and no-one tried to use my card yesterday.

  • 1
Well spotted!

SOP for financial-type e-mails: delete if I don't have an account, if I *do* I always run the mouse over the hyperlinks to see what the *Real* address is. Because there's always a very 'unofficial' address under the link. Not sure why they think that 'nationalwestminster' or whatever looks professional with 'mybank' or some such stupidity stuck in front of it. :)

Deleting doesn't stop phishing email; reporting does. Visa accepts reports of phishing email at phishing (at) visa.com. Include full headers of the email, but be careful not to include any sensitive personal data, since email isn't secure.

Yup, and both PayPal and E-bay made it very easy to report phishing and advertised the address to send them to. Hence anything I get relating to them immediately gets forwarded their way. Actually I don't seem to get PayPal or E-bay phishing e-mails any more ... ;)

The big banks (in the UK) seem much less disposed to tackle phishing, perhaps not wanting to draw attention to the fact their customers may be being scammed. Perhaps they've stepped up now, I may have another try at looking for an address for the next one.

I don't bank online, but, of course, as an online credit card user (I seem to have mislaid both my paypal accounts and as one of them used my work e-mail and I am retired) I have to be able to use Verified by Visa/Mastercard which is run by a separate company.

However, all the major banks have their staff within call, as I found when I rang my credit card provider. Neither of them suggested I send them the phishing e-mail which means either that

a) they have far too many of them or
b) they don't care.

My personal favourite is the urgently flashing internet window that pops up to tell you your computer isn't secure and tells you to run a scan. Alas, whoever's responsible can't spell at all...

It's very odd, as many of the major browsers (like the one I'm using) have an English spell-checker...

I assumed the code was written without a spell-check, but it was mostly homophones that a spell-checker wouldn't pick up.

  • 1