An innocent looking HTML-based e-mail telling recipients that their Mountain America credit union card was automatically enrolled in the Verified by Visa program, a legitimate security program offered by Visa is actually a sophisticated phishing fraud.

 

 

The email contains the first 5 digits of the holder's credit card number. This seems like a standard way for credit companies to communicate with their customers. But think again. The 5 last digits are the confidential numbers. The first 5 digits are the same for all holders of a card brand.

 

That's not all. The victims reach a site secured by an SSL with certificate from Equifax which show the name of the company is "Mountain America" that is based in Salt Lake City (where the real Mountain America credit union is based.)

 

Read more from Washington Post