Beware Of Fake Websites Stealing Credit Card Information

THREATLABZ
October 18, 2011 - 2 min read
People often use credit cards online to purchase products, but many fail to validate the site address before submitting sensitive information such as card numbers. Attackers can then steal the credit card information along with the associated CVV number. Here is an example of one such fake website, hosted on a supposedly ‘free’ service - hxxp://www.angelfire.com/ak5/billincenta/.

Once a victim visits this website, he will be presented with a popup box portraying the site as AOL’s billing center:

[Image]

The message indicates that the user needs to update credit card and billing information, or their account will be ‘voided and cancelled’. When the victim clicks on the OK button, he will be taken to another webpage where he is asked to enter his credit card details.

[Image]

Once the victim enters their sensitive and personal information, the webpage smartly displays another popup stating “AOLBilling will now validate your credit card”. This is again done to convince the user that the site is a legitimate AOL billing website. Nothing is actually validated against AOL, and the credit card information is sent to the attacker. The webpage collects all the user details and sends them in a POST request. Here is a packet capture of the request sent:

[Image]

For the purpose of this blog, we have entered fake information. If you look at the above POST request, you will also notice a recipient email address of “[email protected]”. This means all sensitive information is sent to this email address. The victim is then redirected to the error page.

Users should never enter credit card details without being 100% confident that the form is hosted at the correct domain and traffic is sent via HTTPS.
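
The traits of the POST request described above (a card number in a form body that also carries a mail recipient field, or that travels over plain HTTP) can be checked on captured web proxy traffic. The following is an added example, not code from the original post; the URLs, field names and values are constructed, since the post shows the request only as an image.

```python
import re
from urllib.parse import parse_qsl, urlsplit

EMAIL_RE = re.compile(r"[^@\s]+@[^@\s]+\.[^@\s]+")
# Field-name hints are assumptions; the capture in the post is only an image.
CVV_NAME = re.compile(r"cvv|cvc|cid|security", re.I)
MAIL_NAME = re.compile(r"recipient|mailto|sendto|^to$", re.I)

def luhn_ok(digits: str) -> bool:
    """Luhn checksum that valid payment card numbers satisfy."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def inspect_post(url: str, body: str) -> list[str]:
    """Return risk indicators for a form-encoded POST; an empty list means no alert."""
    card = cvv = mail = False
    for name, value in parse_qsl(body, keep_blank_values=True):
        compact = re.sub(r"[ -]", "", value)
        if re.fullmatch(r"[0-9]{13,19}", compact) and luhn_ok(compact):
            card = True
        elif re.fullmatch(r"[0-9]{3,4}", value) and CVV_NAME.search(name):
            cvv = True
        elif EMAIL_RE.fullmatch(value) and MAIL_NAME.search(name):
            mail = True
    cleartext = urlsplit(url).scheme.lower() != "https"
    if not card or not (mail or cleartext):
        return []               # no card data, or card data on an ordinary HTTPS form
    reasons = ["card-number"]
    if cvv:
        reasons.append("cvv")
    if mail:
        reasons.append("mail-recipient-field")
    if cleartext:
        reasons.append("cleartext-http")
    return reasons

# Constructed samples: 4111 1111 1111 1111 is a well-known test card number.
PHISH_URL = "http://billing.example/cgi-bin/mailform"
PHISH_BODY = "name=Test+User&ccnum=4111+1111+1111+1111&cvv=123&recipient=collector%40example.invalid"
SHOP_URL = "https://shop.example/checkout"
SHOP_BODY = "pan=4111111111111111&cvc=123"

if __name__ == "__main__":
    print(inspect_post(PHISH_URL, PHISH_BODY))
    print(inspect_post(SHOP_URL, SHOP_BODY))
```

The Luhn check keeps order numbers and other long digit strings from raising alerts, at the cost of missing card numbers that a page splits across several fields.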

Umesh
 