A student of mine forwarded the following phish to me:
It uses a graphic to hide the information and the true url (as seen above) from the user. So the user clicks on the big banner (see attached picture) and then ends up at the re-directed site. Two things of note:Dear Visa® customer,
*Before activating your card, read this important information for cardholders!*
You have been sent this invitation because the records of Visa Corporate
indicate you are a current or former Visa card holder. To ensure your Visa
card's security, it is important that you protect your Visa card online with a
personal password. Please take a moment, and activate for Verified by Visa now.
Verified by Visa protects your existing Visa card with a password you create,
giving you assurance that only you can use your Visa card online.
Simply activate your card and create your personal password. You’ll get the
added confidence that your Visa card is safe when you shop at participating
online stores.
*Activate Now for Verified by Visa*
<http://usa.visa.com/track/dyredir.js....10/.verified/>
Visa Department
- - it's a hidden directory (note the . before the word verified); this makes me think that this system has been broken into
- it actually checks numbers on the credit to ensure that what's inputted is legitimate rather than say all 1s or various variations of that (in the end I used a defunct credit card number to see if it would accept it and it did)
The site is up for now and as I write this I'm using IntelliTamper to get the pages as well as to see what other activities this person may have been up to. It has been reported to the Anti-Phishing Workgroup and the ISP.
Reply With Quote