There are a few major common subjects in a phishing attempt. Lots of them pretend to come from PayPal, your bank or your credit card, with a message saying something like:
- Urgent: Your card has been stopped !
- There have been unauthorised or suspicious attempts to log in to your account, please verify
- Your account has exceeded its limit and needs to be verified
- Your account will be suspended !
- You have received a secure message from <your bank>
- We are unable to verify your account information
- Update Personal Information
- Urgent Account Review Notification
- We recently noticed one or more attempts to log in to your PayPal account from a foreign IP address
- Confirmation of Order
- We have temporarily disabled your Credit/Debit Card
The original email looks like this. It will NEVER be a genuine email from PayPal, your bank or your credit card, so don’t ever follow the links or fill in the HTML (webpage) form that comes attached to the email. Note the bad spelling of norepply and the VLSA.COM that is supposed to say visa.com (using lookalike domains is a common trick that phishers use). The English grammar in the email is just not quite right, suggesting that this was created by somebody who doesn’t have English as their primary language.
You have received this email because you or someone had used your credit card from different locations. For security purpose, we are required to open an investigation into this matter. In order to safeguard your credit card, we require that you confirm your details. To help speed up this process, please access the following link so we can complete the verification of your Credit Card Account information. Enter with your unique Case ID VS2D3R Click here to login and confirm. If we do not receive the appropriate account verification within 1 week, then we will assume this credit card use is fraudulent and will be suspended. In that way you will not be in order to use your MasterCard/visa credit or debit card to make on-line payments or to withdraw cash on any ATM , until you will information will be verified.
The purpose of this verification is to ensure that your account has not been fraudulently used and to combat the fraud from our community. We appreciate your support and understanding and thank you for your cooperation in this matter.
This particular phishing campaign starts with an email with a link. The link in this case goes to http://adistancia.favaloro.edu.ar/themes/landingPage.html where you are invited to enter the case ID from the email.
Without the ID number, you just get an error message.
If you enter the correct ID you get a typical phishing page that looks very similar to a genuine Visa page, if you don’t look carefully at the URL in the browser address bar.
This one wants your personal details, your SSN (US Social Security Number), and your credit card and bank details. Many of them are also designed specifically to steal your email, Facebook and other social network login details.
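The two tells described above (a sender domain like VLSA.COM that imitates visa.com, and a link whose host has nothing to do with the brand) can be checked automatically in a mail filter. The following is an added example, not code from the original post; the brand list, the confusable-character table and the sample sender address are assumptions constructed for illustration.

```python
from urllib.parse import urlparse

# Assumed allow-list of genuine brand domains (not from the original page).
BRAND_DOMAINS = ("mastercard.com", "paypal.com", "visa.com")
# Visually confusable substitutions, folded to one canonical form.
CONFUSABLES = (("rn", "m"), ("vv", "w"), ("0", "o"), ("1", "i"), ("l", "i"))

def skeleton(domain):
    s = domain.lower().rstrip(".")
    for src, dst in CONFUSABLES:
        s = s.replace(src, dst)
    return s

def edit_distance(a, b):
    # Classic Levenshtein distance, one row at a time.
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def is_brand_host(host, brand):
    return host == brand or host.endswith("." + brand)

def lookalike_of(domain):
    """Return the brand domain that `domain` imitates, or None."""
    d = domain.lower().rstrip(".")
    if any(is_brand_host(d, b) for b in BRAND_DOMAINS):
        return None  # genuine domain or subdomain
    for brand in BRAND_DOMAINS:
        if skeleton(d) == skeleton(brand) or edit_distance(d, brand) <= 1:
            return brand
    return None

def check_message(from_addr, link):
    findings = []
    sender_domain = from_addr.rsplit("@", 1)[-1]
    brand = lookalike_of(sender_domain)
    if brand:
        findings.append(f"sender domain {sender_domain} imitates {brand}")
        host = (urlparse(link).hostname or "").lower()
        if not is_brand_host(host, brand):
            findings.append(f"link host {host} is not under {brand}")
    return findings

if __name__ == "__main__":
    # Constructed sender built from the misspellings noted above; the link is the one in this post.
    print(check_message("norepply@VLSA.COM", "http://adistancia.favaloro.edu.ar/themes/landingPage.html"))
```

An edit distance of 1 also catches single-character typos that are not visual lookalikes, so expect occasional false positives on very short brand names.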
Please read our How to protect yourselves page for simple, sensible advice on how to avoid being infected by this sort of socially engineered malware.
All of these emails use social engineering tricks to persuade you to open the attachments that come with the email or click the link in the email, whether it is a message saying “look at this picture of me I took last night” that appears to come from a friend, or one more targeted at somebody who is regularly likely to receive PDF attachments or Word .doc attachments or any other common file that you use every day, or whether it is a straightforward attempt, like this one, to steal your personal, bank, credit card or email and social networking login details. Be very careful when unzipping them and make sure you have “show known file extensions” enabled, and then look carefully at the unzipped file. If it says .EXE then it is a problem and should not be run or opened.