A new phishing scam lures unwary victims by sending e-mails "confirming" that they have joined an adult site and that money will be automatically debited from their accounts.
In a clever use of social engineering, this scam uses both positive and negative psychology to ensnare its victims.
According to Seth Purdy, writing on the McAfee Avert Labs blog: "In this case the email purported to be confirmation of purchase for a trial membership on an adult website.
"Included was a login and password, account number, and a link to the site. The message also cited possible recurring charges.
"The adult site the email claimed to originate from and link to does actually exist; however, the actual URL associated with the linked text pointed to a now-defunct account on a commercial hosting service in Asia.
"Additionally, the name of the billing service referenced for the recurring charges is also a real online e-commerce billing company."
The text of the email thanks the victim for subscribing to the site, gives them their user name and login, and details payment that will recur automatically until the user cancels the account.
"What’s interesting is that the phisher is luring the victim with dual motivations, the second being more emotional than pragmatic," says Purdy.
The monetary charges are the negative incentive, while being authorised to access the adult site is the positive incentive.
The phisher would probably set up the phony site so the victim would have to “confirm billing information” either to cancel it or continue viewing the adult content – and thus give away his banking details.