Verified by Visa, a legitimate program that is used to make the security on credit cards more effective, has become a way for fraudsters to steal credit card details from customers. The point of Verified by Visa is that whenever an online transaction is made, customers have to enter a password thus finalizing it.
Recently, however, scam mail has been reported, which looks something like this:
"Your Bank of America card has been automatically enrolled in the Verified by Visa program.To ensure your Visa card’s security, it is important that you protect your Visa card online with a personal password. Please take a moment, and activate for Verified by Visa now."
The email ends with a clear giveaway in the form of a warning that if the user fails to enroll in the program, his credit card will be temporarily disabled.
The links in the email lead users to websites controlled by hackers, where they find spaces to enter their credit card information.
Knowing that Bank of America has a lot of customers, it is fairly easy to send spam to a real user‘s inbox, even without information of who is and who isn‘t a customer.
I think it’s gone beyond an e-mail scam. I am an Electronic Banking Coordinator at a midwest bank. One of my customers came into my office this morning with a screenshot of a popup that had appeared after he had entered his login information for his Online Banking account. It had logos for Verified by Visa and MasterCard SecureCode on it and the following message:
Due to recent changes to FDIC Deposit Insurance Rules all our customers must be enrolled in Verified by Visa or MasterCard SecureCode program depending on type of your Check Card. To continue complete this form and click Activate Now.
The popup then had spaces for and requested the following information:
SSN, Card Number, Expiration Date: Signature Code (Last 3 digits on the back)
Card PIN Code (4-6 digit code that you enter in ATM), Choose and confirm password.
Appearing where it did, after the customer had entered his login information, it appeared to come from us and appeared to be a requirement to continue on to see his account information. In my opinion, this is a very dangerous example of malware. I have seen no reference to this popup version of the Verified by Visa phishing attempt anywhere I have checked on the internet. Is it new, does anyone know? The first time my customer saw this was Sunday, 3/29.
This has happened to me and I will not put in my personal info because it is obviously a virus. problem is.. how do i get my online banking back??? I cannot access the banks site because this popup. ANy ideas on how i can bypass this? I tried a virus scan and it wasnt detected.
@Cristine Dell
I guess I am a victim of this same junk, I like Cristine have scanned and even called the bank. The bank says it’s a virus and I must get rid of it. I can’t!!
I am having the same problem with my regions account, paypal and ebay accounts. Does anyone know how to get rid of this problem?
They have moved from emails and have started creating websites that are exact replicas of the website you are tyring to go to. The difference is the https vs. http. This morning I got scammed by a fake ebay site…and now must change all my information before it is stolen.
Usually, http and https websites are owned by same company. It is probably different URL from legitimate sites.
I just received an email from : [email protected]. It stated that my Visa has been suspended and provided a link to fill out a form to reinstitute the card. The form requested Full Name, full address, cc number, exp date, verification code from the back of the card. The email also stated that if I did not act and complete the form by Nov 11 that my card would be permanently cancelled. This is the second attempt I have received to steal my personal information…..Visa and Mastercard holders…beware!!!!@Patti Krause
@Patti Krause
One of my clients was JUST almost victim to this. I just walked her through it. thank you for reporting this, it helped me determine that this was dangerous and fraudulent!
Mine was abused by a fraudster who works for SKY TV they had my card details over the phone and all they needed to change my password “legitimately” was my date of birth, press the lost password link under the user-name password section of verified by visa, I was dumfounded when I done this, they dont send an email asking to verify yourself just a simple email saying thanks for changing your password your old password no longer works!!!!!
Oh and to get rid of the virus use superanti spyware malewarebytes and spybot all free so dont pay for any of the above, also use mozilla firefox as browser install no script and ad block plus this will stop any future problems and get rid of all the ads to speed up your browsing pleasure, if it can be called that anymore.
Abi: Technically, neither of these tools are antiviruses. I would recommend having one, though. From free ones I would recommend AVAST, though I myself happily paid for ESET’s Smart Security.
Having Antivirus, firewall and Anti-malware solution with real time protection ( superantispyware or spybot in your case, malwarebytes free is like morning-after pill) makes you pretty much safe against most (not all) of malware.
Hi Admin, I had Microsoft essentials and avast on the computer neither of which would get rid of the Trojans which was the xp antispyware programs which had managed to switch off the Microsoft essentials in the security centre aswell as turn off the firewall,I have now switched the home computers over to Linux based Ubuntu and so far so good, I cant change the work computers at present as there are some specialist programs needed.But yes I agree you definitely need a lot of protection,
Abi : Thats the reason I am not using Microsoft SE now – it has not good enough detection ratio; and also a reason to have an anti-malware/spyware program with REAL TIME protection.
There are many variations of this same phishing scam. It just happened to me. Somewhere along the line, this laptop was infected with some sort of Trojan in the form of either a website link or and ad or an ad or website link in an email. When the user clicks on the ad or link or opens the attachment in the email. It installs a file that initiates the phishing scam program. Once initiated on your machine, I believe it uses your web browser history, cache and cookies to identify when you are entering CC data into a website. Right after you enter your payment information and you hit the submit button or confirm button to send your payment information to the website. That is when the program somehow identifies your banking institution that your CC is assigned to and creates a believable rendition of your banks logo and so on with fake terms of agreement and so on. It asks for all the pertinent personal and CC information to not only drain your CC account but also to tak over your entire identity. Such as CC Number, CC Expiration, CC owners name on the CC, Billing address, your birthday and the last four of your social security number. With all of that information they can BE you. Even after running the latest version of CCleaner, the latest version of Malwarebytes and having MS Windows Defender running on Windows 10 and this still happened. It happened to me twice today after I first borrowed my Brothers laptop, created my own profile on it in Windows 10. I went to a website to purchase a roundtrip airline ticket. I could not make the purchase because this phishing incident stopped the transaction to steal my personal and CC Data. It would not allow you to finish the transaction without entering the data into their popup window. I knew that something was wrong. I called the fraud department at my bank and they said if their logo is on the verified by visa popup then it was a phishing scam and DO NOT EVER ENTER YOUR INFORMATION INTO that popup. I went to another airline to buy another ticket for a connecting flight. Same exact thing happened. I filed a ticket with the airline IT people. They said to clear your browsers cache, clear history and clear everything you can from the browser settings. I did that on Microsoft Edge and Chrome. This happened on any site where I used that CC to try and make a purchase. Good luck people. Be careful and be safe.