Date: Wed, 10 Jul 2013 13:20:38 -0300 [12:20:38 EDT]The link in the email goes through a legitimate hacked site and then attemped t to go to a malware page at [donotclick]estateandpropertty.com/news/visa-report.php (report here) but it appears the registrar has nuked the domain, so the spammers have switched the link to [donotclick]clik-kids.com/news/visa-report.php (report here) instead. IPs involved are:
From: Visa [firstname.lastname@example.org]
Subject: Update Your Business Visa Card Information
Your Visa Business card has been limited. Please update your information to reactivate your account.
Please proceed the link: http://visabusiness.com/fraud/warning_mail=81413185766854518964...96368, update necessary information and view further information that caused us to set a limit.
Your Case ID is: NW61826321176497
Look for unexpected charges or questionable activity, and if you see anything suspicious,don't wait to act.
This added security is to prevent any additional fraudulent charges from taking place on your account.
Notice: This Visa communication is furnished to you solely in your capacity as a customer of Visa Inc. (or its authorized agent) or a participant in the Visa payments system. By accepting this Visa communication, you acknowledge that the information contained herein (the "Information") is confidential and subject to the confidentiality restrictions contained in Visa's operating regulations, which limit your use of the Information. You agree to keep the Information confidential and not to use the Information for any purpose other than in your capacity as a customer of Visa Inc. or a participant in the Visa payments system. The Information may only be disseminated within your organization on a need-to-know basis to enable your participation in the Visa payments system.
Please be advised that the Information may constitute material nonpublic information under U.S. federal securities laws and that purchasing or selling securities of Visa Inc. while being aware of material nonpublic information would constitute a violation of applicable U.S. federal securities laws. This information may change from time to time. Please contact your Visa representative to verify current information. Visa is not responsible for errors in this publication. The Visa Non-Disclosure Agreement can be obtained from your Visa Account Manager or the nearest Visa Office.
This message was sent to you by Visa, P.O. Box 8999, San Francisco, CA 94128. Please click here to unsubscribe.
220.127.116.11 (Radore Veri Merkezi Hizmetleri, Turkey)
18.104.22.168 (Acens Technlogies, Spain)
22.214.171.124 (Universidad Autonoma De Madrid, Spain)
126.96.36.199 (KINX, Korea)
188.8.131.52 (Razor Inc, US)