Phishing Prepaid Debit Card Accounts

For the past month or so Symantec has been observing phishing websites that are spoofing a leading brand that provides prepaid debit card services to U.S. citizens. Legitimate prepaid debit cards help people to make purchases, pay bills, shop online, etc. without the need of a bank account. These services are beneficial to those who do not have the income to maintain a minimum balance in a bank account. The fraudulent websites were created to target a large population of low- to mid-income citizens in the USA who prefer prepaid debit cards.

The phishing website that attacked the legitimate brand states that the user’s “account has been limited.” The user is prompted to update his or her confidential information, such as login credentials and debit card details, in order to re-activate the account. After the credentials are entered, the phishing site provides a message that states the verification was successful and the account has been reactivated. If the user falls victim to the phishing site, the fraudster may succeed in stealing the sensitive information and use it for financial gain. 
The phishing attack was made up of URLs with randomized domain names that were hosted on the same set of IP numbers and contained the same fraudulent Web page. Randomized domain names are used as a technique to evade anti-phishing detections. The attack was (continue reading...)