DiscoverCard users hit with e-mail scam

Linda Rosencrance   Today’s Top Stories   or  Other Cybercrime and Hacking Stories  

SAS Dream Team Video: Strategies for getting senior executives to agree Advances in SSL and Certificate Management Virtualization: Simplify. Automate. Lower Costs. Go Green with Webroot® Perimeter Security SaaS! Maximizing Site Visitor Trust Using Extended Validation SSL Take Exchange to the Max Six Questions To Ask About Information And Competition Virtual Reality SaaS Solutions for Remote Systems Management Sign up to receive Cybercrime and Hacking Resource Alerts

March 14, 2003 (Computerworld) -- Users of Discover Financial Services Inc.'s DiscoverCard were targeted by an e-mail scam this week designed to trick them into giving out their personal information, including user identifications, account numbers, passwords, Social Security numbers, mothers' maiden names, card numbers and expiration dates.
But this scam differed from the e-mail scams that have targeted users of companies such as PayPal Inc., eBay Inc. and Yahoo Inc.
Yesterday, a reader e-mailed Computerworld saying she had received a suspicious-looking HTML e-mail that purported to be from DiscoverCard.
The e-mail, which actually came from someone whose e-mail address was secure19@warshawsales.com said: "Due to your inactivity your account has been put On Hold. To remove this status you have to Log In to your account and review Discover Privacy Policy."
Usually, scam artists set up a spoof Web site to try and trick users into providing their personal information. Spoofed sites look official and generally mimic a company's actual site.
But whoever sent out the bogus e-mail linked directly to content on DiscoverCard's actual Web site and wrapped the form seeking users' information in a hidden submission. That redirected the information to an e-mail address at warshawsales.com, according to Russ Cooper, a security consultant at TruSecure Corp. in Herndon, Va. Cooper said Discover is one of TruSecure's clients.
By setting up the scam that way, the contents of the form -- a user's personal information -- went to the scammer and weren't submitted to the DiscoverCard site. "I've never seen this done before," Cooper said.
The Warshaw Sales domain name was registered with Mountain View, Calif.-based domain name registrar Verisign Inc. on March 10 and taken down on March 13 at the request of the registrant, a wholesaler that sells domain names to other parties, according to Verisign spokesman Pat Burns.
The domain was originally hosted by Fort Lauderdale, Fla.-based Web hosting company, Affinity Internet Inc. Affinity spokeswoman Michelle Van Jura said the company was made aware of the Warshaw Sales site and shut it down early March 12.
Cooper said he tracked the Warshaw Sales e-mail to IP addresses in Newfoundland and Ontario.
Cathy Edwards, a spokeswoman for Riverwoods, Ill.-based Discover, confirmed that the e-mail was a scam. Edwards said Discover is aware of the situation and is taking steps to combat it, although she wouldn't go into detail for security reasons.
"Discover has now modified the graphics that were being linked to in the e-mail so that now when you view the Web page, what you see is a big flashing yellow 'Alert' and the words 'Fraudulent e-mail call 1-800-DISCOVER,' and the two buttons that used to say 'Log In' and 'Password Reset'now say 'Fraud' and 'Don't Click,'" TruSecure's Cooper said.

Print this Story

Send Us Feedback

E-mail this Story

Digg this Story

Slashdot this Story

"This is a story that just won't go away. Sarah Palin has been ordered to retain her Yahoo private e-mail..." Read more... "It appears that some baddies have been cracking open the electronic vaults at the World Bank, and it has been..." Read more... Read more Security posts or See all Blogs

'Experimental' security fix is malware, Microsoft says Top security suites fail exploit tests Gartner: Financial meltdown may mean hiring freezes, staffing cuts for IT More top stories...

Microsoft readies first attack forecast NASA follows Mars successes with plans for $2B super rover Microsoft sticks with 'Windows 7' for next OS

Q&A: E-voting security results 'awful,' says Ohio secretary of state How bad? 'I thought I was going to throw up,' Jennifer Brunner recalls. IT's biggest project failures -- and what we can learn from them Think your project's off track and over budget? Learn a lesson or two from these infamous project flameouts. Sprint's 4G Xohm WiMax: How fast is it? In our hands-on testing, the new Xohm WiMax network from Sprint was fast and smooth -- but for now, you have to be in Baltimore to get it. Accused Palin hacker has a history of intrusion College student David Kernell allegedly broke into a middle school server eight years ago, according to a former teacher. Windows Vista A to Z Reviews, analyses, how-tos, visual tours, hot issues and predictions about Microsoft's new OS. More Continuing Coverage After 9/11: Homeland Security Apple's iPhone Ask a Premier 100 IT Leader Bill Gates steps down BlackBerry Legal Battle Data Security Breaches Electronic Voting Firefox H-1B Visas HP's Boardroom Scandal Handheld Devices Hurricane Katrina Aftermath Microsoft Legal Issues Microsoft's Vista Open Source RFID Technology SCO's Linux Fight Sarbanes-Oxley Act Spam Voice Over IP Wi-Fi Windows Meta File Vulnerability Windows XP Service Pack 3 IT Careers 2010 Four years from now, the IT field will be a vastly different place. Will you be ready? More Special Reports Premier 100 IT Leaders 2007 Best in Class 2006 Computerworld Horizon Awards 2006 Premier 100 IT Leaders 2006 Salary Survey 2007 Best Places to Work in IT 2007 IT Forecast 2007 Premier 100 IT Leaders 40 Years of Computerworld ASPs, Take Two Best Places to Work in IT 2003 Best Places to Work in IT 2004 Best Places to Work in IT 2005 Best Places to Work in IT 2006 Business Intelligence Home Runs Business Intelligence: Smarter BI Business Intelligence: The Future of BI CRM Goes Vertical CRM: Sober CRM Career Planning Guide 2005 Careers: IT Profession 2010 Computerworld Horizon Awards 2005 Data Management: Mining for Gems Data Management: Taming Data Chaos Development: Hard-Workin' Web Sites Development: New Tools New Choices Development: The New World of Application Development Development: The Web Services Tsunami Development: Web Services Hurdles Disaster Recovery: Preparing for the Worst E-commerce Grows Up E-mail/Groupware: Big Decisions Faces of Mobile IT Forecast 2006 Global Mobile Hardware: Multiple Cores, Multiple Challenges Hardware: On-Demand Un-Hyped Hardware: The Shape of Things to Come Horizon Awards: 10 Cool Cutting Edge Technologies IT Management: Guide to Managing Vendors IT Management: Navigating Global IT IT Management: Recovery Ahead IT Management: The Future of IT IT Management: The Resourceful Project Manager Innovative Technology Awards 2004 Management: Reinventing IT Microsoft in Transition Mobile/Wireless Leaders and Laggards Mobile/Wireless: The Untethered Worker Mobile/Wireless: Tiny Gadgets, Huge Costs Network Management: Taking Control Networking: Turbulence Ahead! Networking: VoIP Goes Mainstream Operating Systems: In the Slow Lane Operating Systems: Linux Goes Global Operating Systems: Should You Nix Unix? Outsourcing: Offshore Buyer's Guide Outsourcing: Outsourcing Dangers Premier 100 IT Leaders 2004 Best in Class Premier 100 IT Leaders 2005 Best in Class ROI: Do the Math! Salary Survey 2003 Salary Survey 2004 Salary Survey 2005 Security Action Plan Security: Compliance Headaches Security: Proactive Security Security: Risk and Reward Security: Tips From Security Pros Souped-up Security Storage: Battling Complexity Storage: Cheap & Secure Data Stores Storage: Stretching Your Storage Dollars Storage: The Lean Storage Machine Storage: The New Rules of Storage Storage: The Ultimate Backup Guide Supply Chain: Missing Links Supply Chain: RFID Reality Check The Business of Security Web 2.0 Security Wireless: Wireless At Work All Zones Application Performance Zone Business Continuity Zone The File Data Management Zone Security Management Zone The SAS Zone Business Intelligence and Analytics Zone Windows Protection Zone The Enterprise Search Zone Software as a Service Zone The Security Zone See your link here

Moving to Windows Vista: The Promise, The Reality Moving to Windows Vista: The Promise, The Reality View this exclusive webcast today! Go to the webcast  Computerworld Executive Bulletin: Building a Robust Antivirus Defense Download this Executive Bulletin (a $49.95 value) for free, compliments of MessageLabs. (Source: MessageLabs) Antivirus software alone isn't enough to prevent today's speedy, sophisticated virus attacks. Security managers should consider multitiered approaches that include behavior scanning, appliances that check e-mail for worms, and restricting user access to dangerous Web sites. Download this Executive Bulletin (a $49.95 value) for free, compliments of MessageLabs, to learn more. Download this executive briefing  White Papers Read up on the latest ideas and technologies from companies that sell hardware, software and services. Business Transaction Management: Facilitating the Management of Virtual Environments Quick Sizing Guide for SAS Grid Running on HP BladeSystems and EVA Storage Prudential Financial protects its brand with Symantec Data Loss Prevention solutions View more whitepapers  Quick Sizing Guide for SAS Grid Running on HP BladeSystems and EVA Storage Download this white paper today! (Source: HP) Designed for CIOs, IT managers, data center managers and grid computing architects seeking to improve performance, SAS Grid Computing on the HP BladeSystem c-Class helps accelerate growth and mitigate risks with a simplified, consolidated infrastructure that's agile enough to efficiently handle change. SAS Grid Manager on HP BladeSystem can lower costs through automation, virtualization and improved IT efficiency. Download this white paper

• 'Experimental' security fix is malware, Microsoft says
• Microsoft readies first attack forecast
• Top security suites fail exploit tests
• More top stories 

Go Green with Webroot® Perimeter Security SaaS! Webroot Perimeter Security SaaS is a powerful alternative to obsolete on-premise hardware based security solutions. SaaS allows businesses to obtain flexible protection through an expert security provider, solving the problems caused by software, hardware and appliance solutions. Benefits include easier manageability, better protection and guaranteed performance –all at a lower cost. Register for your free copy of the "Why Security SaaS Makes Sense" whitepaper and Go Green with Webroot! Download this white paper now!

In Security Stripping away the trappings of applications, systems and networks, information is the core asset of most organizations. Our columnist describes how asserting the importance of information governance is crucial to making that asset tangible, addressable and protected. Click here to read the latest column by Jon Espenschied

Protecting Exchange While it was once just a convenient way for employees to communicate internally, today e-mail systems like Exchange are tightly integrated with other business applications and are one of the primary methods for communicating with current and prospective customers. Protecting Exchange against costly downtime has become a top priority for more IT departments. So how do you ensure that your Exchange environment is always protected? Download this white paper now!

The Spy Files For Congress to do anything that helps protect consumers and the critical Internet infrastructure as a whole, it must pass laws that require proactive processes to protect computers, not that tell people how to deal with the resulting mess, says Ira Winkler. Click here to read the latest column by Ira Winkler