By Dancho Danchev
Opportunistic scammers have just launched a targeted spam campaign impersonating the UN Refugee Agency (UNHCR) in an attempt to trick users into handing over their complete credit card details as they supposedly make a donation to support Syria’s refugees.
Needless to say, this scam is seeking full access to your credit card details through a fraudulent Web site that’s directly collecting the information, has no SSL support, and is featuring a bogus “Verified by Verisign” logo in an attempt to add more legitimacy in the eyes of the prospective victims.
Sample screenshot of the spamvertised email:
Fraudulent URL: hxxp://sosmoney.eu/refugees/refugees/Donate%20to%20the%20UN%20Refugee%20Agency%20in%20the%20United%20States%20-%20USA%20for%20UNHCR.htm
Domain name reconnaissance: sosmoney.eu – 184.108.40.206; 2a01:238:20a:202:1091::145
Sample screenshots of the landing page:
We advise users to always research the Web site they’re about to use before making a donation in order to ensure that they’re not directly sending their credit cards details to fraudsters.