Shoppers targeted by 'Verified by Visa' email scamPhishing scam targets online Christmas shoppers

19 November 2009

Shoppers at Christmas in a shopping mall

Christmas shoppers are being warned to be on the alert for a fake 'Verified by Visa' email scam that could potentially ruin their Christmas cheer.

The phishing scam is claimed to begin with an email informing the recipient that they can sign up for the Verified by Visa scheme – a genuine security measure offered by the credit card company.

Real Verified by Visa scheme prevents fraudulent transactions

More than 250,000 shopping websites use the real Verified by Visa service, which allows users to set a password linked to their Visa card. Users are then prompted for this password every time they pay using their Visa card at a participating online retailer.

The aim of Verified by Visa is to provide an extra layer of security to .

Find Best Buy security software to protect your computer in the Which? guide

How to spot the Verified by Visa phishing scam

The scam, according to security firm Webroot which highlighted the issue in its blog, is relatively simple to spot.

Firstly, you don’t need to visit a Visa website in order to sign up to the Verified by Visa scheme. Instead, while buying online from a site that uses the Verified by Visa service, you will be prompted to sign up while entering your billing details.

The phishing scam instead directs you to a web page asking for personal details such as your mother’s maiden name, National Insurance number and birth date.

Other warning signs include the fact that the phishing email is sent from a Gmail account, and links to an unsecured (http as opposed to https) web page. 

Online shoppers are a target for scammers

Webroot says the scam is just one of many that will target online shoppers this Christmas as shoppers flock to the web.

The security firm found that 68% of people plan to buy at least half of their gifts online this Christmas. 

For details of the read our biggest ever online shopping survey 

According to the survey, over half of respondents frequently, if not always, use search engines to find gifts online and two in five trust the first page of search results – a prime target for malicious links.

‘Cybercriminals appear to be gearing up for a lucrative holiday season,’ said Mike Kronenberg, chief technology officer of Webroot’s consumer business.

Sarah Kidner, editor of Which? Computing said: ‘Shopping on the web is arguably less stressful that hitting the high street, especially at this busy time of year. However, we’d advise people to stop and think before handing over personal details.'

Online shopping tips

  • Search wisely: Don’t click links to unfamiliar websites 
  • Protect your PC: Make sure you have up-to-date security software 
  • Beware public wireless networks: Free networks such as those in coffee shops and airports are often unsecured
  • Use a credit card: If you are a victim of fraud or cybercrime, most credit card agreements limit your liability for the charges.

How to follow the latest Which? Tech news

Are you a Twitter user? Follow WhichTech on Twitter for regular tech tweets.

Prefer RSS? Don't miss a thing with the Which? tech RSS feed

For just the main headlines in newsletter form, sign-up to our weekly Which? tech email.

Apple iPad 2 3G data plans compared - find the best 3G plan for your iPad
Best Android tablets round-up - we look at the best iPad alternatives around
Best cheap laptops for under £500 - find the best laptop deals