Last month we blogged about fake Windows domains being registered, which used the cute trick of placing two “v’s” together to make the site look authentic (vvindowsupdate, etc.) — here and here.
Now, we see a similar pattern, used in phishing — this time, targeting Western Union. Below is a sample phish that we just picked up in one of our email traps:
Clicking through on the email takes you to the domain: wumt(dot)vvesterunion(dot)us
Here, we are taken through the standard practice of gathering information needed in order for criminals to take over your account:
Once you have successfully “activated your account”, you are re-directed to the real Western Union domain:
This particular phish has been reported to PIRT for takedown.
Adam Thomas