Xlibris Cautions Customers Against Phishing E-mail

Print-on-demand publisher Xlibris has come to know about a phishing scheme from unknown sources using a domain address that is quite like the publisher's domain, but is not associated with Xlibris. Xlibris published this in news on May 24, 2008.

According to security officials, hackers have coined the term 'phishing' that mimics legitimate organizations' e-mails, in this case using Xlibris' CEO Mr. Feldman name, to lure people to provide their credit card details and passwords. Recent victims consist of Best Buy, Charlotte's Bank of America and eBay, where users were led to Websites that looked almost same as that of these companies.

Moreover in the incident, using the e-mail id Orders@Xlibris.us, the scammers pretend to inform that an order from the recipient could not be met because of inadequate credit card details. Hence, they ask the recipient to reply to the address with his CVC number, a 3-4 digit number from the credit card referred mostly for online purchase verifications.

The message in the fraudulent e-mail first says that the company appreciates the user's interest in Xlibris.com. Then it regrets its inability to process the user's request because of the incomplete CVC number provided that is hampering into the verification of information. And finally, it asks the user to send his CVC number for processing the order.

Xlibris, however, has completely disagreed having any relationship with the new domain name and its originators. It is also cautioning its clients against the fake e-mail and advising them to report any such message to their ISP.

Xlibris is also taking action to change its method of handling customers' credit card information to ensure greater security against phishing attempts, for that they have stopped storing those details in their database. Meanwhile, the message from Mr. Feldman includes an identical duplicate of the phishing e-mail along with a phone number where people could contact Xlibris to inform about any such messages received as well as forward any concerns or questions.

Moreover, Xlibris stated that it never asks for personal information from its customers either over e-mail or phone unless there is a specific project inquiry.

» SPAMfighter News - 6/4/2008