Goin’ Phishin’


In an effort to protect you against fraud we want to keep you informed about the latest phishing scams reported by Visa and Mastercard.

Phishing is an attempt to obtain sensitive information such as usernames, passwords, and credit card details by posing as a trustworthy source in an email or instant message. Links in the message redirect the victim to a website that looks almost identical to the legitimate site. Commonly impersonated sources are popular social web sites, auction sites, online payment processors or IT administrators.

Here are two phishing scams going on right now in the payments industry which appear to come from Visa and Mastercard:

If you receive either one of these emails, please forward the email or contact information to phishing@visa.com or datasecurity@mastercard.com.

The good news is that you can rest assured that Visa and Mastercard will NEVER contact you directly. To help protect against future scams and those from other sources, here are 6 tips from Visa:

1. Look Closely at the Sender’s E-mail Address

Although the “From” line in the e-mail might resemble a valid e-mail address, a closer look might reveal unusual characters that can help confirm that the address is fraudulent. For example, a “-x” after the word “support” is an attempt to imitate a valid support contact e-mail address but is really a fake.

2. Check E-mail Images and Graphics

Images used in fraudulent e-mails are often out of place or are inaccurate imitations. For example, a fraudster may not fully understand the payment card industry and incorrectly provide co-branded images or images for the wrong product, such as the Visa Verified by Visa logo and the Mastercard SecureCode logo instead of the card brand logo.

3. Pay Attention to Message Format and Text

Message length, grammar, word choice and sentence structure play a large part in the success of a phishing e-mail. For example, the brevity of the message and the lack of personalization (e.g., the merchant’s name is not used; the sender’s contact information is not provided) could indicate that the communication is fraudulent.

4. Pay Attention to Message Tone and Look for Consequences Resulting From Lack of Action

Be aware of the tone used in the e-mail message. Does it demand your attention and indicate that there will be consequences if you do not take action? This is a common thread in phishing messages.

5. Consider Whether the Message Received Seems Out of Character

Relationships with financial institutions develop over time. Through the course of business, you may learn that your financial institutions like to conduct business and exchange information in a particular way. Ask yourself, “Would my financial institution or transaction processor send a message like this?” Or is it more likely that you would receive a phone call or be asked to address the issue over a more secure method?

6. Be Wary of Embedded Hyperlinks

Hovering over an embedded hyperlink should reveal the associated URL. If you don’t recognize the URL or if the URLs don’t match, do not click on it! Even embedded links for sites that you know or recognize may contain clues indicating fraud (such as hidden characters or other slight modifications), which can be easy to miss. Instead, open a new browser window and type the web URL you know to be right.