Attention Merchants. The Official Merchant Services Blog has been made aware of an e-mail based Phishing campaign designed to trick individuals into providing login credentials for their credit card processing — specifically one of the payment gateways that a merchant uses.
The e-mail generally has a subject title of “Annual Agreement Renewal” and the body of the message is communicating that their “retail account” or “merchant agreement” is expiring. When you open the attachment it appears to have a login page prompting a login.
Be advised that this is an attempt at social engineering intended to steal those login credentials. Neither Host Merchant Services nor TransFirst is the source of these e-mails. These e-mails should be disregarded and deleted. This is an industry wide issue that has escalated in recent days. The Official Merchant Services Blog and Host Merchant Services have been made aware of e-mails appearing to be from TransFirst as well as other payment processers.
If you are a merchant and you have been taken in by this scam, please have contact merchant support at 1-800-654-9256 or contact us at Host Merchant Services directly at 1-877-517-HOST (4678).
Host Merchant Services will continue posting notices on our key sites and our social media channels. TransFirst is also getting the word out, posting information as TC, Epay, TransLink, Transfirst.com and other social media channels.
If you have any questions regarding this scam, please contact Host Merchant Services support.
Some Basic Information on Phishing
Phishing is an attempt to acquire information such as usernames, passwords, and credit card details by masquerading as a trustworthy entity in an electronic communication. Communications purporting to be from popular social web sites, auction sites, online payment processors or IT administrators are commonly used to lure the unsuspecting target of the scam. Phishing is usually carried out by e-mail spoofing or instant messaging, and directs users to enter details at a fake website whose look and feel are almost identical to the legitimate one.
How To Defend Against Phishing
The scam artists behind phishing emails are smart and know how to create emails and websites that look like they are official and from well know companies or organisations. Because of this, the typical security measures taken with electronic communication — such as firewalls — don’t stand up to the scams.
There is no real effective software-based means of defending against phishing scams. Common sense tends to be your best defense. Always exercise caution when replying to an email that requests personal information or passwords. Also, never click on links found in such e-mails. Even if you believe the content of the message is genuine you should type the web address into your browser directly to ensure that you are visiting the correct site.
Here are a few more tips for avoiding phishing scams:
- If you believe an e-mailed request for information is genuine then call the company to confirm before entering data on a website.
- If you need to entire sensitive information on a website then look for a padlock in your browser’s status bar to signify that you are on a secuire site.
- If you believe that you have fallen victim to a phishing scam contact the bank or credit card company immediately so that they can freeze your accounts and take action on your behalf.