HEADS UP: Fake Visa email
Results 1 to 6 of 6

Thread: HEADS UP: Fake Visa email

  1. #1
    Just Another Geek
    Join Date
    Jul 2002
    Location
    Rotterdam, Netherlands
    Posts
    3,401

    HEADS UP: Fake Visa email

    I received the following HTML email this morning:

    From: Visa International Service <security@visa-security.com>
    Subject: Visa Security Update
    Date: 23 Dec 2003 05:24:34 -0600

    {image}

    Dear Customer,

    Our latest security system will help you to avoid possible fraud actions
    and
    keep your investments in safety.

    Due to technical security update you have to reactivate your account

    Click on the link below to login to your updated Visa account.

    To log into your account, please visit the Visa Website at

    http://www.visa.com

    We respect your time and business.
    It's our pleasure to serve you.


    Please don't reply to this email. This e-mail was generated by a mail
    handling system.


    {image}

    Copyright 1996-2003, Visa International Service Association. All rights
    reserved.
    The visa link inside the email points to:
    http://www.visa.com:UserSession=2f6q...ed_by_visa.htm

    After the http://www.visa.com you'll find a familiar 0x01. It's the first email I've seen that actually makes use of this browser bug.
    Oliver's Law:
    Experience is something you don't get until just after you need it.

  2. #2
    Master-Jedi-Pimps0r & Moderator thehorse13's Avatar
    Join Date
    Dec 2002
    Location
    Washington D.C. area
    Posts
    2,884
    Yeah, this is all over BugTraq today too. Yet another XSS issue to deal with...

    Good catch.

    Our scars have the power to remind us that our past was real. -- Hannibal Lecter.
    Talent is God given. Be humble. Fame is man-given. Be grateful. Conceit is self-given. Be careful. -- John Wooden

  3. #3
    Senior Member
    Join Date
    Apr 2002
    Posts
    634
    And they have added the very classical false web site trap, also. Hidden in their endless link, you can find "@205.243.144.83/~gotierc/verified_by_visa.htm".

    This mail seems well written and well presented. It could make a lot of victims.
    Life is boring. Play NetHack... --more--

  4. #4
    Senior Member nihil's Avatar
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,190
    Good heads up!

    The "English" is not quite "English", but it is a reasonable effort

    Cheers

  5. #5
    They call me the Hunted foxyloxley's Avatar
    Join Date
    Nov 2003
    Location
    3rd Rock from Sun
    Posts
    2,528
    As a question ? What would happen if I were to click the link in SirDice's message, and put some fake details into the relevant boxes, and NO I haven't been there.

    edit : by what would happen. I mean, would it class as a hack? or spam ? or what ?
    55 - I'm fiftyfeckinfive and STILL no wiser,
    OLDER yes
    Beware of Geeks bearing GIF's
    come and waste the day :P at The Taz Zone

  6. #6
    Senior Member
    Join Date
    Oct 2001
    Posts
    786
    Scam I think. The website has already been taken down. Clicking the link now brings you to a 404 Error, page not found. Basically when it was working, the person would forward the data you type in to a CGI script to collect the data that people type in, and they would access this data later to get account detail to steal money, etc... The page itself is at http://205.243.144.83/~gotierc/verified_by_visa.htm but all of the stuff before it is made to make is appear "real," but it is really just random data and doesn't/shouldn't do anything. On Internet Explorer, it would appear to be the site listed in front with the visa.com and user session data...

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •