Bank of America customers are the targets of a new
phishing scam which uses the Verified by Visa anti-fraud programme as the bait to lure victims.
“Your Bank of America card has been automatically enrolled in the Verified by Visa program,” one version of the email says. “To ensure your Visa card's security, it is important that you protect your Visa card online with a personal password. Please take
a moment, and activate for Verified by Visa now.”
Visa was forced to
defend the VbV enrollment process when the scheme was rolled out in the UK earlier this year. The programme was criticised by cardholders who complained about being asked to hand over card numbers and other security details to a Website that unexpectedly
popped up when they were making an online transaction. Many shunned the pop-up for fear that it was a fraudulent ruse to capture sensitive financial data.
You can understand why consumers might be confused. On the one hand we are constantly warned never to key in card numbers or passwords unless absolutely sure that we are dealing with a legitimate entity, and on the other Visa is promoting a programme that
requires cardholders to ignore these warnings and input their card details to an unfamiliar Web site.
It’s really no surprise to see the scammers getting involved.