Visa, one of Fifa’s six global partners for the 2010 World Cup, is the latest of the high visibility brand names to be hijacked by cybercriminals looking to profit from football’s premier tournament.
According to Samir Patil, the latest scam is one of many phishing examples targeting the Visa brand. Phishing is the process whereby scammers try and obtain sensitive information such as usernames, passwords and credit card details by posing as common or trustworthy entities.
Says Patil: “Visa announced a “Go Fans” promotion offer in which card holders could win a trip to South Africa to watch 2010 World Cup matches. “Not surprisingly, the socially aware phishers were quick to take advantage.”
The screenshot below shows how users are asked to fill in their Visa credit card details (such as name, credit card number, expiry date, security number, etc.) in order to register for the “Go Fans” promotion.
If a user fills in all of the required information and clicks on the ‘Submit Registration’ button, a fake handling code is generated to confirm a ‘successful’ registration. In this phishing effort, the so-called handling code can be generated even with a blank form.
Says Patil: “Visa’s security team is actively working with the appropriate organisations to shut down this site. The company has urged consumers to visit Visa Security, which contains helpful anti-phishing tips.
“Users are advised to refrain from clicking on unsolicited e-mail unless it is from authorised or official sources. Symantec is closely monitoring this trend and we will keep our readers updated.”