The personal information of millions of online consumers could be put at risk if the latest phishing enterprise, which targets those paying by Visa, is mistaken as legitimate by innocent customers.
Andrew Brant, a malware prevention blogger, explained in a recent post that consumers should be wary of any emails claiming to have originated from Visa and asking them to follow a link and update their payment card details online.
The malicious emails link to the phony but authentically designed site and users are then encouraged to enter a significant number of personal details, including answers to any security questions you may have used when setting up your Visa account.
Brant assured readers that this was the first indication that something was afoot, as no Verified by Visa payment type scheme should ever ask you for extensive personal information. This rule is applicable to site online with which you already hold an account and vigilance is essential if consumers wish to avoid having their personal information harvested with their unknowing complicity.
It is believed that this new phishing scam is being perpetrated by a particularly sophisticated group that has put a lot of effort into making the page look authentic. A casual viewer might be hard pressed to tell the difference between an official Verified by Visa page and the fake site.
Online security expert Nigel Hawthorn urged worried consumers to invest in a URL filter for their computers so that they would never accidentally enter information on phishing sites. Because data harvesting via phishing does not utilise virus or malware techniques, but is instead a con based on misleading online shoppers, standard antivirus software will not be an adequate defence.
Hawthorn emphasised the need for additional security tools which do more than just filter spam and remove viruses. He also pointed out that the new Visa phishing campaign could have a widespread effect because Visa itself has been associated with watertight online security in the past, so consumer trust is intrinsically assured by the brand.
