Phishing Scam Twist: Bogus Sites Built To Snatch Credit Cards

Several Web sites supposedly selling very cheap airline tickets have been shut down, said a security firm, after it was discovered they existed only to harvest credit card account data. Expect more such scams, warned Panda Software.

The Glendale, Calif.-based anti-virus vendor noted that the scheme differs from typical phishing attacks, in which the criminal contacts the victim. Instead, users find the bogus sites themselves, usually via a search engine.

Once at a site claiming ultra-low fares, the consumer is asked to fill out a form requiring personal details, including their credit card number, the card's expiration date, and its verification value. To keep up appearances, the site displays an error page when the form is submitted. The consumer is told that the transaction didn't complete, and is given instructions on how to pay for the tickets by money order.

"It's actually the buyer, in searching for the best prices online, who goes to the fraudulent Web page," said Luis Corrons, the director of Panda's research lab, in a statement. "This creates a false sense of security that can lead users to proceed with the transaction."

Although the illegal sites have been shuttered, Corrons said to expect more of the same as other scammers take up the tactic to "sell" virtually anything at "bargain" prices. With no intention of ever selling anything, they can post any price they want to attract victims.

"Treat 'bargains' with suspicion, and only make online purchases from trusted sites," added Corrons. "If in doubt, search for information about the site in question. Users should be able to find opinions and experiences of others who have used the same service."