New wave of Phishing E-mail Campaign Targeting 'First Data' Users

Recently, researchers at the security firm AppRiver have raised warning against a phishing campaign that attacks merchant accounts from First Data, a payment processing firm.

The fake e-mails identified by AppRiver come with a subject line "MERCHANT ACCOUNT UPDATE" and pretend to have come from "FIRSTDATA SERVICES." The text of the e-mail states that, customers should update their login details. To do this, customers are required to download the enclosed attachment in the e-mail and then proceed.

The attachment of the e-mail is an HTML document titled "Update Your Account Information.html". When users open this document in a web browser, the document displays a fake First Data Global Gateway login webpage.

This webpage encloses a form for entering the merchant's login credentials and other details, such as phone number, mailing address etc.

Commenting on the matter, Troy Gill, Security Researcher at AppRiver posted on his blog that, these all are important information to gain access over the merchants account. Once the cybercriminal gains access to the First Data account, he will probably gain control over that particular merchants account. He further mentioned that, it is quite uncertain that whether this violation will reveal any of the merchant's customer records, as reported by AppRiver on January 25, 2011.

Security experts further stated that, it is mainly because of the phishing campaigns of the above mentioned kinds that have resulted in the increase of phishing around the world. As a matter of fact, this particular point has proved to be right with what the security firm Symantec highlighted in its monthly report for January 2011, which stated that phishing activity was 1 in 409.7 e-mails (0.244%) in January 2011, up from 0.004% points since December 2010.

Due to the maliciousness linked with phishing campaigns of the above mentioned categories security experts mentioned easy phishing tips, which are: First, users should never reply to requests asking for personal details through e-mail as in this particular situation.

Second, users are recommended that if they are in suspicion to contact the institution that asserts to be the e-mail sender, for instance, in this situation, receivers should immediately contact the 'FIRSTDATA SERVICES'.

Finally, this recent phishing attack on "First Data Services" appears to be proving correct the forecast made by AppRiver for 2011. As per the AppRiver's prediction, conventional and novel techniques, phishing campaigns will be an omnipresent trend throughout 2011.

Related article: New Zealand Releases Code To Reduce Spam

» SPAMfighter News - 2/3/2011