Phishing Attack: VISA - ´Verified By Visa´

This Scam call to action is ´You may activate Verified by Visa for your Visa card in two ways: Activate Now or Activate During Shopping...´. Its goal is probably of getting victim´s credit / debit card information, SSN, contact information (name, e-mail address, phone numbers, etc.).

This phish is quite an interesting one. It does not do the usual threatening phish scams do. It takes a real service offered by VISA, and offers to enroll you to it - from VISA´s name, of course. The only difference is that VISA does not activate this service online.

The message is a very mild and calm in temper (while most phish scams create an atmosphere of urgency) and explains the new service - essentially a password protection of the transactions made from your card online. The text itself is largely copied from the VISA website:

The URL is not hidden. It does, however, start and finish like a normal URL on the VISA website, and could be very convincing. When eventually the link is clicked, the phish site opens:

As you see, the site copies the VISA style - in colors, fonts and pictures. It does have multiple links to the legitimate VISA site, and does not urge you to do anything - and this is what makes this scam so believable. The URL is, again, untampered. It is just believably constructed. After the ´submit´ button is pressed, the business end of the phish comes out. This is where it should become suspicious. The amount of information is too great for just a service activation. Yet, it does look nice and believable.

Phish website on: datasecurities.net

WHOIS data:  Expiration Date: 2007-08-14 10:58:27; Creation Date: 2004-08-14 08:49:56

REGISTRANT CONTACT INFO
Rajagopal Srirangam, 1539 Platte St. Denver, CO 80202, US, Phone: 3034805307

The domain to a fictious name and was probably registered with a stolen credit card. Interestingly, the address belongs to Spot Domain, a domain registrar. So they are probably a 3th party victim.