Increase font size Decrease font size

Email scam targets ‘Verified by Visa’


Doing your Christmas shopping online is a good way to beat the crowds and chaos this year. There are however certain things you have to be careful about in the online shopping world. A new phishing scam, recently uncovered by webroot (, targets online shoppers looking to sign up to the ‘Verified by Visa’ program.

The ‘Verified by Visa’ security system works by setting up credit card users with an additional password for online transactions. When a purchase is made through a participating vendor site, the additional secret password is required to complete the transaction.

The new phishing scam begins with an email, informing the recipient that they can sign up for a ‘Verified by Visa’ program by visiting a supplied web page. Upon visiting the fraudulent webpage, unsuspecting victims are asked to supply all the information they supplied to their card-issuing institution when they first signed up for a Visa card.

What is worrying is that the web page is considered more professional, slick and clean than most other phishing pages. The page’s businesslike appearance serves to reassure the victim that the page really belongs to Visa.

‘Verified by Visa’ helps to prevent criminals from using stolen card numbers and reduces the incidents of fraud. It’s important to make sure that you’re signing up for Visa’s genuine program however, and not providing crooks with access to your private security information.

Phishing attacks work by a cybercriminal sending a "spoofed” email that appears to come from a legitimate organisation such as a credit union, bank, card company or ISP. The email may ask for a reply with private information details in order to "update security" or for some other reason. The phishing email may also direct recipients to a spoofed website or pop-up window which looks exactly like the real site, but has been set up for the sole purpose of stealing personal information.
With online crime growing all the time it’s important to:

  • Remember that after an account has been set up, banks will never ask a customer to resupply private information through an email
  • Understand how phishing scams like fake websites can be detected
  • Keep informed about the types of online security risks you may encounter.