Dear Sirs:
RSA, an anti-fraud and security company, is under contract to assist Visa Inc. and its related entities in preventing or terminating online activity that targets potential fraud victims. RSA has been made aware that Limestone Networks appear to be providing Internet Services to a fraudulent Web site, which is part of a "phishing scam"*.
E-mail messages have been broadly distributed to individuals by a person or entity pretending to be Visa. The e-mails request recipients to verify and submit sensitive details related to a cardholder’s account. Within the fraudulent e-mail message, there is a link that leads the recipients to a fraudulent website. The fraudulent website is located at the following URL address http://vbvupdate.x10hosting.com/update.htm to which you provide services and which is under your control.
The purpose of this fraudulent website is to improperly obtain personal information from cardholders in order to fraudulently access their online accounts. The owners of those websites typically perpetrate identity-theft related activities, such as using a cardholder's credit card or online account without authorization. In addition, these unlawful actions serve to damage the reputation and image of Visa.
We are recommending that you investigate this website as soon as possible. In order to protect innocent visitors to the site from being misled or injured, we request that you immediately remove the pages located on that machine 69.162.76.170, terminate its availability on the Internet and discontinue the transmission of any e-mails associated with this website.
In addition to these necessary steps, Visa would like you to set up a redirect to the Anti Phishing Working Group (APWG) Phishing Education Landing Page at http://education.apwg.org/r/en instead of serving a 404 message or other error page when you disable a phish site. The APWG Public Education Initiative (PEI) has created a webpage to educate users about phishing. The page specifically explains that they have just fallen for a phishing communication (email or otherwise) and talks about ways they can avoid being victimized in the future. If you wish to learn more about how to set up the redirect, please read here: http://education.apwg.org/r/how_to.html.
We would also request that you sequester any data related to this site for future investigation or handling as directed by law enforcement. This would include files, source code, and any data stored that is associated with it. It would also include any log entries of access to the server for the site, connections to upload or download data to the site, or records of the account being created.
We understand that you may not be aware of this improper use of your services and we appreciate your cooperation.
Thank you for your cooperation to prevent and terminate this fraudulent activity.
Sincerely,
RSA Anti Fraud Command Centre Visa Inc. Global Compliance
Tel: +44(0)800-032-7751 (UK) Tel.: +1 (650) 432-4574 (USA)
Tel: +1-866-408-7525 (US) E-mail: globalcompliance@visa.com
Fax: +972-9-9566658 (EU)
Fax: +1-212-208-4644 (US)
E-mail: afcc@rsasecurity.com
*"Phishing" is an e-mail scam that attempts to trick consumers into revealing personal information, such as their credit or debit account numbers, checking account information, Social Security Numbers, online account passwords, or other identifying information, through an imposter's Web site or in a reply e-mail.
122
RSA, an anti-fraud and security company, is under contract to assist Visa Inc. and its related entities in preventing or terminating online activity that targets potential fraud victims. RSA has been made aware that Limestone Networks appear to be providing Internet Services to a fraudulent Web site, which is part of a "phishing scam"*.
E-mail messages have been broadly distributed to individuals by a person or entity pretending to be Visa. The e-mails request recipients to verify and submit sensitive details related to a cardholder’s account. Within the fraudulent e-mail message, there is a link that leads the recipients to a fraudulent website. The fraudulent website is located at the following URL address http://vbvupdate.x10hosting.com/update.htm to which you provide services and which is under your control.
The purpose of this fraudulent website is to improperly obtain personal information from cardholders in order to fraudulently access their online accounts. The owners of those websites typically perpetrate identity-theft related activities, such as using a cardholder's credit card or online account without authorization. In addition, these unlawful actions serve to damage the reputation and image of Visa.
We are recommending that you investigate this website as soon as possible. In order to protect innocent visitors to the site from being misled or injured, we request that you immediately remove the pages located on that machine 69.162.76.170, terminate its availability on the Internet and discontinue the transmission of any e-mails associated with this website.
In addition to these necessary steps, Visa would like you to set up a redirect to the Anti Phishing Working Group (APWG) Phishing Education Landing Page at http://education.apwg.org/r/en instead of serving a 404 message or other error page when you disable a phish site. The APWG Public Education Initiative (PEI) has created a webpage to educate users about phishing. The page specifically explains that they have just fallen for a phishing communication (email or otherwise) and talks about ways they can avoid being victimized in the future. If you wish to learn more about how to set up the redirect, please read here: http://education.apwg.org/r/how_to.html.
We would also request that you sequester any data related to this site for future investigation or handling as directed by law enforcement. This would include files, source code, and any data stored that is associated with it. It would also include any log entries of access to the server for the site, connections to upload or download data to the site, or records of the account being created.
We understand that you may not be aware of this improper use of your services and we appreciate your cooperation.
Thank you for your cooperation to prevent and terminate this fraudulent activity.
Sincerely,
RSA Anti Fraud Command Centre Visa Inc. Global Compliance
Tel: +44(0)800-032-7751 (UK) Tel.: +1 (650) 432-4574 (USA)
Tel: +1-866-408-7525 (US) E-mail: globalcompliance@visa.com
Fax: +972-9-9566658 (EU)
Fax: +1-212-208-4644 (US)
E-mail: afcc@rsasecurity.com
*"Phishing" is an e-mail scam that attempts to trick consumers into revealing personal information, such as their credit or debit account numbers, checking account information, Social Security Numbers, online account passwords, or other identifying information, through an imposter's Web site or in a reply e-mail.
122
