Select Page

Last month we blogged about fake Windows domains being registered, which used the cute trick of placing two “v’s” together to make the site look authentic (vvindowsupdate, etc.) — here and here.

Now, we see a similar pattern, used in phishing — this time, targeting Western Union. Below is a sample phish that we just picked up in one of our email traps:


Clicking through on the email takes you to the domain: wumt(dot)vvesterunion(dot)us


Here, we are taken through the standard practice of gathering information needed in order for criminals to take over your account:



Once you have successfully “activated your account”, you are re-directed to the real Western Union domain:


This particular phish has been reported to PIRT for takedown.

Adam Thomas