Secure With Visa - Protecting Your Card and Your Information

Cut the Line on Phishing Scams

While advances in technology have helped improved security over the Internet, it has also provided criminals with a new avenue for their criminal pursuits. Technology-savvy criminals are continually looking for new ways to defraud people online, and many have resorted to using e-mail and the Internet to gain access to their victims' personal and financial information.

One of the more recent, prevalent forms of cyber crime, is the practice of "phishing" or "brand spoofing." Phishing is the act of sending an e-mail to a user falsely claiming to be a legitimate enterprise in an attempt to scam the user into disclosing private information. These e-mails often ask for information such as credit card numbers, bank account information, social insurance numbers, and passwords that can be used for identity theft.

Remember that Visa and its Member financial institutions do not solicit personal information via e-mail, unless the cardholder initiated contact. If you receive a suspicious e-mail appearing to be from Visa, immediately contact Visa at To report possible phishing scams from other organizations, send an e-mail to

Phishing Banner


Spot, avoid, and protect yourself against phishing scams. Following are some tips to help you avoid becoming a victim of 'phishing' scams:


Be alert for scam e-mails. If you get an e-mail that warns you, with little or no notice, that an account of yours will be shut down unless you reconfirm your billing information, do not reply or click on the link in the e-mail.

Phishers typically include upsetting or exciting (but false) statements in their e-mails to get people to react immediately. These e-mails are typically NOT personalized, while valid messages from your bank or e-commerce company generally are.

Below is an example of what a typical 'phishing' e-mail looks like:

Phishing e-mail image

Be aware when submitting personal or financial information on Web sites. Before submitting financial information through a Web site, look for the "padlock" icon on your browser's status bar. This signals that your information is secure during transactions. To make sure you are on a secure Web server, check the beginning of the Web address in your browser's address bar. It should read https://, rather than just http://.

Phishing Site Image

Look for misspelled words. Misspelled words either in the message, hyperlink or Web site often signal 'brand spoofing' scams.

Leave suspicious sites. If you suspect that a Web site is not what it claims to be, leave the site immediately. Do not follow any of the instructions it presents.

Always report 'phishing' or 'spoofed' e-mails. If you receive a suspicious e-mail appearing to be from Visa, immediately contact Visa at To report possible phishing scams from other organizations, send an e-mail to If you suspect that fraudulent activity has resulted from a 'phishing' e-mail, contact your local police immediately.

Contact Visa or your financial institution if you receive a suspicious e-mail that appears to have been sent by Visa or any of its Financial Institutions and report it immediately to

Protect your computer. You can protect your computer, your sensitive files and your home network from hackers and viruses by taking some basic precautions. Use tools to fight back and protect your computer and your information. Some easy-to-use tools are anti-virus software, spyware filters, e-mail filters, and firewall programs, [for high-speed (broadband) connections].

Do not reply to any e-mail that requests your personal information. Do not respond to unsolicited e-mails that ask for sensitive financial information such as your credit card number, the last three digits printed on the signature panel on the back of your credit card or your bank account number, driver's license number, or social insurance number. Also be wary of an e-mail that sends you personal information about yourself and asks you to update or confirm it.

Monitor your transactions. Review credit card and bank account statements as soon as you receive them to determine whether there are any unauthorized charges. If your statement is late by more than a couple of days, call your credit card company or bank to confirm your billing address and account balance.

For more detailed information on "phishing" and "brand spoofing," please download a complete copy of Cut the Line on Phishing Scams (pdf 1.14mb)
Tools and Downloads

How do I submit a 'phishing' e-mail to Visa?

Assuming you use Outlook or Netscape:

1. Create a new mail to

2. Drag and drop the phishing e-mail from your inbox onto this new e-mail message. In Netscape drop it on the 'attachment' area.

3. Do not use "forward" as it loses information and requires more manual processing. The exception is when you use the Web interface to Outlook; in this case forwarding the message is the only option.