Security Alert

July 2010: Verified by Visa® & MasterCard SecureCard Phishing Scam Targeting Online Banking Users

We have recently learned of a new phishing scam targeting Verified by Visa and MasterCard SecureCard users. While ISU Credit Union has not been a target of this scam, we wanted you to be aware that cyber criminals are utilizing the ZeuS botnet to target online banking customers. Here's how it works:

The criminals are setting up spoofs of the Verified by Visa and MasterCard SecureCard enrollment pages. The phony enrollment form asks for personal and card account details by claiming new FDIC rules require consumers to enroll in one of the programs.
The information collected from the phish is then used to attempt card-not-present fraud.

As with any phishing scam, it is important to know that Visa takes this issue seriously and has a system in place to identify and shut down fraudulent sites. Visa works with client financial institutions and thirdparties to remove fraudulent sites, usually within 24 hours of being detected or reported. Visa is working to identify sites related to this scam as quickly as possible and disable them. Visa-related phishing scams can be reported to phishing@visa.com.

There is no inherent vulnerability in Verified by Visa related to this particular attack. The scam relies on malware being installed on the online banking member's computer. Members who use updated antivirus software and employ internet browser security controls that prevent suspect scripts or limit injection are generally not vulnerable.

Security Alert

Quick Links

Accounts

Loans

		Security Alert July 2010: Verified by Visa® & MasterCard SecureCard Phishing Scam Targeting Online Banking Users We have recently learned of a new phishing scam targeting Verified by Visa and MasterCard SecureCard users. While ISU Credit Union has not been a target of this scam, we wanted you to be aware that cyber criminals are utilizing the ZeuS botnet to target online banking customers. Here's how it works: The criminals are setting up spoofs of the Verified by Visa and MasterCard SecureCard enrollment pages. The phony enrollment form asks for personal and card account details by claiming new FDIC rules require consumers to enroll in one of the programs. The information collected from the phish is then used to attempt card-not-present fraud. As with any phishing scam, it is important to know that Visa takes this issue seriously and has a system in place to identify and shut down fraudulent sites. Visa works with client financial institutions and thirdparties to remove fraudulent sites, usually within 24 hours of being detected or reported. Visa is working to identify sites related to this scam as quickly as possible and disable them. Visa-related phishing scams can be reported to phishing@visa.com. There is no inherent vulnerability in Verified by Visa related to this particular attack. The scam relies on malware being installed on the online banking member's computer. Members who use updated antivirus software and employ internet browser security controls that prevent suspect scripts or limit injection are generally not vulnerable.