From: Visa International Service [mailto:security@visa-security.com]

Sent: 06 December 2003 4:26 AM

To: XXXXXXXXXXXX

Subject: Visa Security Update

http://www.geocities.com/cardvisa3/p_secure_holiday.jpg

Dear Customer,

Our latest security system will help you to avoid possible fraud actions and

keep your investments in safety.

Due to technical security update you have to reactivate your account

Click on the link below to login to your updated Visa account.

To log into your account, please visit the Visa Website at

http://www.visa.com

http://www.visa.com:UserSession=2f6q9uuu88312264trzzz55884495&

usersoption=SecurityUpdate&StateLevel=GetFrom@61.252.126.191/verified_by_visa.html

We respect your time and business.

It’s our pleasure to serve you.

Please don’t reply to this email. This e-mail was generated by a mail

handling system.



Copyright 1996-2003, Visa International Service Association. All rights

reserved.

Although the mail uses images hosted with Netfirms and Geocities, the main hosting location for the scam is the 61.252.126.191 ip address which is registered in Korea.

Through the content Netcraft retrieves during the Web Server Survey, Netcraft can alert banks to domain names or page content that may form part of attempts to deceive, and through our application testing services, can audit banks own web applications for design errors and erroneous functionality.