Mountain-America.net Phish Uses Valid SSL Certificate

A recent phishing email targeting Mountain America Credit Union has been generating a lot of news today, even reaching the front page of Slashdot. The email asks the user to enroll in the Verified by Visa program, a legitimate security program offered by Visa, and includes the first five digits of the card being enrolled. These five digits are found on all Mountain America cards; however, it is unlikely that credit union members understand this. The link in the email redirects the user to www.mountain-america.com, which is of course a phishing site with a look-alike URL. The real URL of the bank is www.mtnamerica.org.

What the press finds most interesting about this story is that the phishing site was issued an SSL certificate this morning by Equifax, which is now part of a company named GeoTrust. SSL certificate issuers are supposed to have a process in place to ensure that the entity requesting the certificate is authorized to do so on the company's behalf, precisely to avoid situations like this one, where SSL certificates are issued to illegitimate sites. In this case, GeoTrust claims that their largely automated process failed to flag the site as suspicious, because the domain name was not matched to any related financial institutions…
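The match that the automated process missed can be expressed as a comparison of the requested host name against a watchlist of financial institutions. The following is an added example, not GeoTrust's process or code from the original post; the watchlist layout, the 0.75 threshold, the verdict strings and the function names are assumptions, and the only real values are the two host names quoted above.

```python
from difflib import SequenceMatcher

# Constructed watchlist: brand name and legitimate domain as given in the article.
WATCHLIST = {
    "Mountain America Credit Union": {
        "brand": "mountain america",
        "domains": {"mtnamerica.org"},
    },
}

SIMILARITY_THRESHOLD = 0.75  # assumed cut-off; tune against real request data


def registrable(host):
    """Naive registrable domain (last two labels).
    Assumption: production code would use the Public Suffix List instead."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def squash(text):
    """Keep only letters and digits, so 'mountain-america' equals 'mountain america'."""
    return "".join(ch for ch in text.lower() if ch.isalnum())


def review_request(host):
    """Return (verdict, reason) for a certificate request naming `host`.
    'pass' only means no look-alike flag was raised; proof that the requester
    controls the domain and is authorized is a separate check."""
    domain = registrable(host)
    label = squash(domain.split(".")[0])
    for institution, entry in WATCHLIST.items():
        if domain in entry["domains"]:
            return ("pass", f"{domain} is a listed domain of {institution}")
        # Brand name embedded in a domain the institution does not list.
        if squash(entry["brand"]) in label:
            return ("manual-review", f"label contains the brand name of {institution}")
        # Near-miss spelling of a listed domain (hyphenation, dropped letters).
        for legit in entry["domains"]:
            score = SequenceMatcher(None, label, squash(legit.split(".")[0])).ratio()
            if score >= SIMILARITY_THRESHOLD:
                return ("manual-review", f"label resembles {legit} ({score:.2f})")
    return ("pass", "no watchlist match")
```

The brand-name test catches www.mountain-america.com even though it shares little with the string mtnamerica.org, which is why a watchlist needs institution names as well as their domains.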

The Washington Post and the Internet Storm Center have more on the story.

One Response to “Mountain-America.net Phish Uses Valid SSL Certificate”

  1. ITDefPat Says:

    First Phishing, next Spear Phishing (targeted Phish)

    NOW: Jet-Spear Phishing

    There is a trust problem. Looks like Equifax/GeoTrust has broken.
