Webroot Cautions Online Christmas Shoppers against Phishers

According to an online security firm 'Webroot,' it has just detected an e-mail fraud that utilizes authentication program "Verified-by-Visa."

Describing the scam in detail, Andrew Brandt, malware Researcher at Webroot, said that it started with a fraudulent, phishing e-mail, which apparently targeted at holiday shoppers interested in purchasing gifts over the Internet. According to him, as soon as a user subscribed to the actual 'Verified-by-Visa' service, merchants (or online shoppers) allowed him to feed in his password and card details, as reported by Scmagazineuk on November 19, 2009.

Brandt further said that the password not only provided an extra security to the purchaser, but also an assurance to the merchant that transactions, unusually large like those conducted during vacation marketing periods, should be approved quickly. Moreover, the password ensured that fraud alerts didn't trigger and customer could safely conduct his business.

The web-page, which phishers running the scam created, was clearly highly skilled compared to normal phishing pages. In fact, its businesslike appearance tried to convince the end-user into thinking, it was truly from Visa, said Brandt.

The phishing campaign simply represents one of those which might attack Internet shoppers during the upcoming Christmas season as they crowd on the web, said Webroot. About 68% of consumers would be purchasing around 50% of their presents over the Net this Christmas.

The security company's researchers also anticipate that cyber criminals would use their highly successful trick - posting harmful web-links among the high-ranking results on search indexes -to lure purchasers looking for hot deals on trendy products. Further, these harmful web-links are expected to take Web-surfers to false alerts and fake items, in addition to other harmful malware.

Moreover, Webroot has identified an increase in attacks targeting social networking websites that might mean dangerous to consumers considering surfing on social networks to hunt Christmas presents.

Security experts have suggested certain tips for averting Internet phishing scams. Web-surfers must search with prudence on unknown sites. Keep security software up-to-date, and remain wary of public wireless systems since cyber criminals could alter their workstation configurations to imitate the entry points of these wireless networks for stealing users' sensitive data.

Related article: Webroot Detects Malware in Presidential Campaign Videos

» SPAMfighter News - 12/1/2009