Most phishing involves an email pretending to be eBay, Amazon.com, etc., threatening to cancel your account if you don't provide some very personal information. But this one takes the cake. I just found out about this one because it just happened to me.
In this case, the "bait" is a small but unfamiliar charge showing up on your credit card statement (usually 9.95 or 11.00). The company name shown on the line item is something like "PANSALCORP.com", "EADENS.net" or another web address. The victim says "hmm, I don't remember doing any business with that company," and of course the next logical action is to visit the web site (e.g. PANSALCORP.com) to see if it might jog their memory.
What they find is a web site claiming to offer "website design" or something similar. And, oddly enough, there is a link right on the main page that reads "What is xxxx billing me for?" (where xxxx is the bogus company name, like PANSALCORP.com). "Hmm," says the poor victim, about to bite, "maybe I can follow this link and see what is going on here." Well, the link takes them to a form asking for (you guessed it) some very personal information (including, but not limited to, last 6 digits of credit card number, name, email address, phone number, ZIP code). [Author's note: by the time I got here, I already smelled trouble so I didn't fill in the form. I'm glad I didn't.]
So now the outfit qualifies as a low-life on two levels: First, they fraudulently charged your credit card, so they at least get a few dollars out of you; but they go on to phish some very sensitive, personal info when you come to investigate the charge.
On closer inspection of the web site, there are many giveaways that it is not a legitimate business. Most prominently, the site has a link right on the main page reading "What is xxxx billing me for?" Now, when was the last time you went to a legit company's web site and found a link, prominently displayed on the main page, asking if they've charged your credit card by mistake?
But digging deeper, I found the following text on the page:
"...[scumbag] is the perfect resource for companies that are looking at having a professional quality website layout at an affordable price. One look at the quality and detail that is put into each and every design and you'll understand why..."
A Google search finds 77 web sites with this exact text, word for word.
These people apparently don't use the same company name for very long. They set up a web site, bill a few thousand people's credit cards, then shut down that web site, and start a new one.
What I really want to know is, how did they get my credit card info? The author of the following page suggests that they may be generating random numbers, issuing charges against them, most of which won't work but some do: