Select Page

Last month we blogged about fake Windows domains being registered, which used the cute trick of placing two “v’s” together to make the site look authentic (vvindowsupdate, etc.) — here and here.

Now, we see a similar pattern, used in phishing — this time, targeting Western Union. Below is a sample phish that we just picked up in one of our email traps:

Vv_phish5

Clicking through on the email takes you to the domain: wumt(dot)vvesterunion(dot)us

Vvserverphish

Here, we are taken through the standard practice of gathering information needed in order for criminals to take over your account:

Vv_phish1

Vv_phish3

Once you have successfully “activated your account”, you are re-directed to the real Western Union domain:

Vv_phish4

This particular phish has been reported to PIRT for takedown.

Adam Thomas