Western Union Phishing fraud emails are again picking up steam into the new year. Most of these fraudulent emails are sent from the spoofed address: “westernunionresponse@mail.westernunion.com” though they actually originate from infected personal computers throughout the world.
These fraudulent emails contain a variety of email subjects, such as:
Thank you for using Western Union
Your Western Union money transfer has been authorized
Your money transfer has been authorized and is now available for pick up
In a twist, rather than promising that you are about to receive vast sums of money, this campaign instead asks to you verify that you’re transferring funds to someone else. Typical language includes:
Your money transfer has been authorized and is now available for pick up by the receiver.
Helping sell the potential credibility of the scam, the “Order Date” for the fictitious money transfer is always the current date and the amounts are also randomized, ranging from minor sums such as $89.50 and ranging all the way into the thousands like: $5328.50.
Western Union Phishing Fraud
The randomizing of the dates and the amounts not only makes the emails appear more beliveable but also helps these emails evade spam filtering wish is often less effective with such variables.
The last ingredient for selling the fraud is the hyperlink which is convincingly baited with:
You can cancel this transfer by using the hyperlink below:
And is displayed similar to:
http://wumt.westernunion.com/WUCOMWEB/transactions/HomePage/cancel.php?session=&mtcn=304245374&summ=5328.50&date=Wed, 6 Jan 2010 22:49:09 -0300
However, despite what is displayed by the email client, the actual hyperlink will be to a compromised attack server such as:
http://wumt.westernunion.com.ye3eddh.com.pl
Visitors that attempt to log into the fraudulent sites (presumably to report the funds transfer as an unauthorized transaction and to “cancel” it) will be providing their personal, private and confidential information to the spammers.
