For the past month or so Symantec has been observing phishing websites that are spoofing a leading brand that provides prepaid debit card services to U.S. citizens. Legitimate prepaid debit cards help people to make purchases, pay bills, shop online, etc. without the need of a bank account. These services are beneficial to those who do not have the income to maintain a minimum balance in a bank account. The fraudulent websites were created to target a large population of low- to mid-income citizens in the USA who prefer prepaid debit cards. The phishing website that attacked the legitimate brand states that the user’s “account has been limited.” The user is prompted to update his or her confidential information, such as login credentials and debit card details, in order to re-activate the account. After the credentials are entered, the phishing site provides a message that states the verification was successful and the account has been reactivated. If the user falls victim to the phishing site, the fraudster may succeed in stealing the sensitive information and use it for financial gain. The phishing attack was made up of URLs with randomized domain names that were hosted on the same set of IP numbers and contained the same fraudulent Web page. Randomized domain names are used as a technique to evade anti-phishing detections. The attack was observed primarily during the first half of May 2010. The domains were hosted on servers based in the USA and Bulgaria. Internet users are advised to follow best practices to avoid phishing attacks. Here are some basic tips for avoiding online scams: • Do not click on suspicious links in email messages. • Check the URL of the website and make sure that it belongs to the brand. • Type the domain name of your brand’s website directly into your browser’s address bar rather than following any link. • Frequently update your security software, such as Norton Internet Security 2010, which protects you from online phishing. =============== Note: My thanks to Rohan Shah, co-author of this blog.