Dutch phishing for Visa and Mastercard

We have already posted about Visa and Mastercard scams in English. We don’t often see a Dutch phishing campaign that is modeled on a known English one. Usually, Dutch phishing is related to the most important banks in Holland, but this one is trying to fool the users of Visa and Mastercard with a classic “update your credit card data” request.

A Dutch colleague briefly checked the text of the email and immediately found that it is written in bad Dutch. Even for someone who doesn’t speak Dutch at all (like me), it is strange to see that some punctuation seems to be missing, so for a native speaker this is a clear sign of fraud.

The fake website says something about International Card Services and is clearly copied (including even the tracking code) from the original website and adapted for the phishing attack. However, the fraudsters didn’t even bother to check any of the fields, so if you press Submit, you’re taken to an intermediate website which saves the data (using a form) and then redirects the browser to the real visa.nl website.

Sometimes it is quite funny to see that the fraudsters seem to forget which site they intended to phish. As a reminder: the phishing mail mentions Visa and Mastercard, the fake website mentions ICS (which is related to Visa and Mastercard, but is a different website), the intermediary page again shows Visa and Mastercard, and the final website is visa.nl.
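The hand-off from the cloned page to a separate intermediate site, described above, is something a defender can check for mechanically. The following is an added example, not code from the original post: it flags forms that send card-like fields to a host other than the one serving the page. The host names, field names and the hint list are constructed assumptions.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

# Field-name fragments that suggest card data is collected (assumed list).
CARD_HINTS = ("card", "cvv", "cvc", "expir", "kaart")

class FormAudit(HTMLParser):
    """Collects each form's action URL and the names of its input fields."""
    def __init__(self):
        super().__init__()
        self.forms = []        # list of {"action": str, "fields": [str]}
        self._current = None   # form currently being parsed, if any

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            self._current = {"action": a.get("action") or "", "fields": []}
            self.forms.append(self._current)
        elif tag in ("input", "select", "textarea") and self._current is not None:
            self._current["fields"].append((a.get("name") or "").lower())

    def handle_endtag(self, tag):
        if tag == "form":
            self._current = None

def audit_page(page_url, html):
    """Return findings for forms that post card-like fields to another host."""
    page_host = urlparse(page_url).hostname
    parser = FormAudit()
    parser.feed(html)
    findings = []
    for form in parser.forms:
        # An empty or relative action resolves to the page's own host.
        target_host = urlparse(urljoin(page_url, form["action"])).hostname
        card_fields = [f for f in form["fields"] if any(h in f for h in CARD_HINTS)]
        if card_fields and target_host != page_host:
            findings.append({"post_to": target_host, "card_fields": card_fields})
    return findings

# Constructed sample: a cloned page on one host posting to an intermediate collector.
SAMPLE_URL = "http://cloned-site.example/ics/update.html"
SAMPLE_HTML = """
<form action="http://collector.example/save.php" method="post">
  <input name="cardnumber"><input name="cvv"><input name="naam">
  <input type="submit" value="Submit">
</form>
<form action="/search"><input name="q"></form>
"""

if __name__ == "__main__":
    for finding in audit_page(SAMPLE_URL, SAMPLE_HTML):
        print(finding)
```

A cross-host form target is only a signal, since legitimate sites also post to third-party payment processors, so a hit should be compared against the hosts the real brand is known to use.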

Avira users have no reason to be worried: the URL is blocked and the emails are detected as phishing.

Sorin Mustaca
Data Security Expert