The Double V Phishing Attack

A new phishing attack uses two Vs to replace a W (e.g. VVindowsupdate). The latest attack is on Western Union. The phishing email links to vvesterunion.us (with the double v and without the n on western).

The site has already been taken down but the situation shows how clever some phishers can be. The site didn't use an SSL certificate which is an obvious tip-off but the people who are unobservant enough to fall for these types of scams don't necessarily check for a little lock icon anyway. However, if Western Union had an EV SSL Certificate and there was a very obvious change to the browser (such as a green address bar) then people would be less likely to fall for phishing attacks.

The return of the disingenuous double v - [SunbeltBLOG]

Originally posted on Sun Sep 2, 2007