From: Visa International Service [mailto:security@visa-security.com]
Sent: 06 December 2003 4:26 AM
To: XXXXXXXXXXXX
Subject: Visa Security Update
http://www.geocities.com/cardvisa3/p_secure_holiday.jpg
Dear Customer,
Our latest security system will help you to avoid possible fraud actions and
keep your investments in safety.
Due to technical security update you have to reactivate your account
Click on the link below to login to your updated Visa account.
To log into your account, please visit the Visa Website at
http://www.visa.com
http://www.visa.com:UserSession=2f6q9uuu88312264trzzz55884495&
usersoption=SecurityUpdate&StateLevel=GetFrom@61.252.126.191/verified_by_visa.html
We respect your time and business.
It’s our pleasure to serve you.
Please don’t reply to this email. This e-mail was generated by a mail
handling system.
Copyright 1996-2003, Visa International Service Association. All rights
reserved.
Although the mail uses images hosted with Netfirms and Geocities, the main hosting location for the scam is the 61.252.126.191 ip address which is registered in Korea.
Through the content Netcraft retrieves during the Web Server Survey, Netcraft can alert banks to domain names or page content that may form part of attempts to deceive, and through our application testing services, can audit banks own web applications for design errors and erroneous functionality.