December 23rd, 2003, 03:56 PM
HEADS UP: Fake Visa email
I received the following HTML email this morning:
The visa link inside the email points to:
From: Visa International Service <email@example.com>
Subject: Visa Security Update
Date: 23 Dec 2003 05:24:34 -0600
Our latest security system will help you to avoid possible fraud actions
keep your investments in safety.
Due to technical security update you have to reactivate your account
Click on the link below to login to your updated Visa account.
To log into your account, please visit the Visa Website at
We respect your time and business.
It's our pleasure to serve you.
Please don't reply to this email. This e-mail was generated by a mail
Copyright 1996-2003, Visa International Service Association. All rights
After the http://www.visa.com you'll find a familiar 0x01. It's the first email I've seen that actually makes use of this browser bug.
Experience is something you don't get until just after you need it.
December 23rd, 2003, 04:32 PM
Yeah, this is all over BugTraq today too. Yet another XSS issue to deal with...
Our scars have the power to remind us that our past was real. -- Hannibal Lecter.
Talent is God given. Be humble. Fame is man-given. Be grateful. Conceit is self-given. Be careful. -- John Wooden
December 23rd, 2003, 09:30 PM
And they have added the very classical false web site trap, also. Hidden in their endless link, you can find "@220.127.116.11/~gotierc/verified_by_visa.htm".
This mail seems well written and well presented. It could make a lot of victims.
Life is boring. Play NetHack... --more--
December 24th, 2003, 12:09 AM
Good heads up!
The "English" is not quite "English", but it is a reasonable effort.
December 24th, 2003, 12:15 AM
As a question: what would happen if I were to click the link in SirDice's message and put some fake details into the relevant boxes? And NO, I haven't been there.
Edit: by "what would happen" I mean, would it class as a hack? Or spam? Or what?
55 - I'm fiftyfeckinfive and STILL no wiser,
Beware of Geeks bearing GIF's
come and waste the day :P at The Taz Zone
December 24th, 2003, 01:24 AM
Scam, I think. The website has already been taken down. Clicking the link now brings you to a 404 Error, page not found. Basically, when it was working, the page would forward the data you type in to a CGI script to collect the data that people type in, and they would access this data later to get account details to steal money, etc... The page itself is at http://18.104.22.168/~gotierc/verified_by_visa.htm but all of the stuff before it is made to make it appear "real," but it is really just random data and doesn't/shouldn't do anything. On Internet Explorer, it would appear to be the site listed in front with the visa.com and user session data...
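Added example, not part of the original thread: a small Python check a mail filter could run on links to flag the pattern discussed above (a trusted-looking name and a control byte such as 0x01 placed before an "@", with the real host an IP address). The function name, finding labels and sample URLs (example.com, 192.0.2.10) are constructed for illustration.

```python
import re
from urllib.parse import unquote

IPV4 = re.compile(r"^\d{1,3}(\.\d{1,3}){3}$")

def analyze_link(url):
    """Return (real_host, decoy, findings) for an http(s) URL.

    real_host is what the browser actually connects to; decoy is the
    userinfo text in front of the '@' that the victim is meant to read.
    """
    m = re.match(r"^(https?)://([^/?#]*)", url, re.I)
    if not m:
        return None, None, ["not-http-url"]
    authority = m.group(2)
    findings = []
    # Everything before the LAST '@' is userinfo, never the host.
    userinfo, at, hostport = authority.rpartition("@")
    host = re.sub(r":\d*$", "", hostport).lower()   # drop optional :port
    decoy = None
    if at:
        decoy = unquote(userinfo)                   # also catches %01, %00 ...
        findings.append("userinfo-before-host")
        if any(ord(c) < 0x20 or ord(c) == 0x7F for c in decoy):
            findings.append("control-char-in-userinfo")
        if re.search(r"[a-z0-9-]+\.[a-z]{2,}", decoy, re.I):
            findings.append("decoy-looks-like-hostname")
    if IPV4.match(host):
        findings.append("ip-literal-host")
    return host, decoy, findings

# Constructed samples: raw control byte, percent-encoded byte, ordinary link.
SAMPLES = [
    "http://www.example.com\x01session=abc123@192.0.2.10/~user/login.htm",
    "http://www.example.com%01session=abc123@192.0.2.10/~user/login.htm",
    "http://www.example.com/login",
]

if __name__ == "__main__":
    for s in SAMPLES:
        host, decoy, findings = analyze_link(s)
        print(repr(s), "->", host, findings)
```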