Bogus Western Union notice leads to phishing
A fake Western Union notice is hitting inboxes around the world and scaring people into following the offered link to a phishing page.
“Failure in updating your profile will result in limiting your account access,” says the spam email signed by an “IT Assistant”.
Users who fall for the trick are taken to a login page mimicking the Western Union one. Once they have entered the login credentials and pressed the “Sign In” button, they are asked to share information such as date of birth and answers to typical security questions such as their mother’s maiden name or favorite pet’s name:
“All information submitted via the login page and the bogus update form can be collected by scammers,” points out Hoax-Slayer. “Once they have this information, the scammers can then login to the victim’s real Western Union account and use it for nefarious purposes such as money laundering. The scammers may be able to use the stolen ‘Test Question’ details to collect payments without having the user’s proper identification documents. For example a scammer could pretend that his wallet and ID had been stolen and use the Test Question process to claim funds in a victim’s name.”
Once the victims have done all that has been asked of them, they are redirected to the legitimate Western Union page, where they might or might not notice that they have somehow been logged out and are required to login again.