Last month, a suspicious domain was found to be associated with a certain malware: vvindowsupdate.com. Notice the double Vs used to replace the W–an obvious way to trick users into thinking that this is the real Windows Update link. Well, phishers are picking up where this month-old tactic left off to dupe users into giving out account details. Western Union subscribers are targeted by the following phishing email discovered by the Content Security team here at Trend Micro :
When users mouse over the Activate link within the message, notice that the URL that it leads to is vvestreunion.com. Aside from the double v, there’s also a noticeable misspelling on the domain name. Phishers are still counting on social engineering to scam users.
It is always safe to double-check anything before believing in it. Phishing email messages are usually spammed to random email addresses, so if you receive a similar email but are not a subscriber of Western Union–or, in general, if you receive any email from any institution that you are not associated with in any way–it is recommended that you report it to Trend Micro for further investigation. It is also best to delete said message.