The return of the disingenuous double v

Last month we blogged about fake Windows domains being registered, which used the cute trick of placing two �v�s� together to make the site look authentic (vvindowsupdate, etc.) � here and here.

Now, we see a similar pattern, used in phishing � this time, targeting Western Union. Below is a sample phish that we just picked up in one of our email traps:

Clicking through on the email takes you to the domain: wumt(dot)vvesterunion(dot)us

Here, we are taken through the standard practice of gathering information needed in order for criminals to take over your account:

Once you have successfully �activated your account�, you are re-directed to the real Western Union domain:

This particular phish has been reported to PIRT for takedown.

Adam Thomas