Users of Discover Financial Services Inc.’s DiscoverCard were targeted by an e-mail scam this week designed to trick them into giving out their personal information, including user identifications, account numbers, passwords, Social Security numbers, mothers’ maiden names, card numbers and expiration dates. But this scam differed from the e-mail scams that have targeted users of companies such as PayPal Inc., eBay Inc. and Yahoo Inc. Yesterday, a reader e-mailed Computerworld saying she had received a suspicious-looking HTML e-mail that purported to be from DiscoverCard. The e-mail, which actually came from someone whose e-mail address was [email protected] said: “Due to your inactivity your account has been put On Hold. To remove this status you have to Log In to your account and review Discover Privacy Policy.” Usually, scam artists set up a spoof Web site to try and trick users into providing their personal information. Spoofed sites look official and generally mimic a company’s actual site. But whoever sent out the bogus e-mail linked directly to content on DiscoverCard’s actual Web site and wrapped the form seeking users’ information in a hidden submission. That redirected the information to an e-mail address at warshawsales.com, according to Russ Cooper, a security consultant at TruSecure Corp. in Herndon, Va. Cooper said Discover is one of TruSecure’s clients. Full Story
About OODA Analyst
OODA is comprised of a unique team of international experts capable of providing advanced intelligence and analysis, strategy and planning support, risk and threat management, training, decision support, crisis response, and security services to global corporations and governments.