Published by
 

Philippine Business Magazine: Volume 11 No.3 - Technology

Phishing Expedition

Beware of a new internet scam that targets credit card holders

By Joel D. Pinaroc

Anti-virus firms, security experts, and some government agencies – particularly in the United States – have issued warnings regarding a new wave of Internet spams and scams targeting credit card holders.

What is alarming is that these scams have become sophisticated that even the most careful consumer can fall prey to scam e-mails that are cleverly disguised as legitimate e-mails.

One popular scam uses e-mail messages to ‘harvest’ customer account numbers and personal identification numbers.

Called ‘phishing’ – or the use of spam or junk e-mail to lure people to bogus Internet sites that appear like those of known companies, and deceive consumers into divulging personal data – many companies, including Visa and Citibank, have reported numerous instances when unscrupulous individuals ‘fish’ for personal data, hence the term.

The virus connection

One of the most properly documented ‘phishing’ incident was reported by a United Kingdom-based anti-virus software firm, after the company was able to identify a virus spreading via e-mail that has been targeting credit card information.

In its advisory, Sophos identified the virus as a variant of the “Mimail worm,” a self-replicating software script that reportedly has victimized consumers in South Africa, Australia, and New Zealand. It warned that the virus could reach other regions and is particularly dangerous because it asks recipients to give detailed information about their credit cards.

The trick is simple. An e-mail message arrives in a user’s mailbox with the subject line “YOUR PAYPAL.COM ACCOUNT EXPIRES.”   Consumers are fooled because Paypal.com is a legitimate online company and the e-mail message asks recipients to provide detailed information about their credit cards, claiming that PayPal “is implementing a new security policy.”

To add another layer of legitimacy, the e-mail also advises a consumer not to send this personal information through e-mail, instead instructing credit card holders to run an e-mail attached program.

The ‘phishing’ is unleashed after the user double-clicks on the attached file, “www.paypal.com.scr.” A dialog box then pops up, requesting the user to enter a range of information about their credit card including credit card number, PIN, expiry date, and even the CVV code - the three-digit personal security code printed the back of credit cards.

Page 1 | 2



 
Technology

 



   
Back to top
 
Home | News & Updates | Surveys & Forecasts | Economic Statistics | Legislation | Guide to Doing Business
Geographics | Directories | Travel & Leisure | Magazine | Subscribe | About Us | Write Us | Search
  
 

Copyright © 2001-2006 MAKATI BUSINESS CLUB All Rights Reserved