I didn't fall for it. But let's just say I almost clicked.
Seems like they'll never end. And they're getting more clever every day. I try and remind myself, not to fall for it. Just delete them, if it's really serious, I'll get a call from my credit card company. They just won't be contacting me online. I had renewed a domain name today, and the site I was using said that my charge did not go through. I don't carry a balance on my credit card, so I was a tad alarmed.
I promptly called my card company, and they said, "No... it went through." I thanked them and hung up. I submitted a trouble ticket with the domain registration company. Weird, but it must have gone through. I chalked it up as an error on their side.
Later, I went to check my email account, to see if they had responded. There was an email that appeared to be from Visa. I had just recently added more security to my visa account through a new type of authentication, and this email instantly grabbed my attention as being possibly legitimate.
After about three seconds, I knew it was bogus. But it goes to show how a series of events could lead you to believe that an email like this may be legitimate. Another blogger, I can't remember who, referred to it as a "perfect storm situation".
Here it is, read below for the numerous red flags that will make it impossible to be from Visa.
|
Verifyed by VISA - Multiple Password Failure
Dear VISA Credit Card Member ,
VISA Credit Card is devoted to keeping a safe environment for its community of consumers and producers. To guarantee the safety of your account, VISA Credit Card deploys some of the most advanced security measures in the world and our anti-fraud units regularly screen the VISA Credit Card database for suspicious activity.
We recently have discovered that multiple computers have attempted to log into your VISA Credit Card Online Banking account, and multiple password failures were presented before the logons. We now require you to re-validate your account information to us. If this is not completed by February 31, 2006, we will be forced to suspend your account indefinitely, as it may have been used for fraudulent purposes. We thank you for your cooperation in this manner.
In order to confirm your Online Bank records, we may require some specific information from you.
Please Click Here or on the link below to verify your account
http://www.visa.com/verification/update/
Thank you for your prompt attention to this matter. Please understand that this is a security measure meant to help protect you and your account.
We apologize for any inconvenience.
If you choose to ignore our request, you leave us no choice but to temporary suspend your account.
VISA Credit Card Security Team |
|
- They've spelled verified wrong in their subject! You would think with the amount of time and effort they put into these scams, that spelling would be the first thing they would get right, but thankfully almost all of the email phishing attempts I've seen have horrible spelling and grammar.
- They make reference to having this problem cleared up by February 31, 2006. Wow, looks like I'll never get this problem cleared up. I'd typically wait till the 30th of Feb to handle something like this. There's no way Visa would send out email with an impossible date in the text.
- I've removed the actual link target from the "click here" and the link below it from above, as it was actually pointing to www.comsec-data.dk/catalog/admin/backups/ (unlinked for your protection) an international web site, not even close to anything visa would be using. So remember, even if a link looks correct it's too simple to obscure where it really goes, mouse over the link and look at the bottom left status bar in your browser, it will tell you where it really goes.
- I did not bother to look at the mail headers, but that's always something you can look at too.
Just remember to not fall for it. No matter how credible it seems, don't talk yourself into it. Call your bank. Call ebay. Call Paypal, call whoever it is claiming to be. Make them prove it's real. If you start down a path, and you feel strange, or you feel it's not legit, close your browser and quit.