<<< Date Index >>>     <<< Thread Index >>>

[IP] Fwd: "Phishing"/ID theft scam targets AOL users




Delivered-To: dfarber+@xxxxxxxxxxxxxxxxxx
Date: Fri, 14 May 2004 10:39:38 -0600
From: Brett Glass <brett@xxxxxxxxxx>
Subject: "Phishing"/ID theft scam targets AOL users
X-Sender: brett@localhost (Unverified)
To: Dave Farber <dave@xxxxxxxxxx>, Ip ip <ip@xxxxxxxxxxxxxx>

Dave:

This morning, I received an interesting and somewhat disturbing pice of spam that claimed to be from AOL. It said:

Return-Path: <ServicesTeam@xxxxxxx>
Received: from alnour ([62.135.119.113])
        by lariat.org (8.9.3/8.9.3) with ESMTP id KAA04830
        for <brett>; Fri, 14 May 2004 10:07:53 -0600 (MDT)
Message-Id: <200405141607.KAA04830@xxxxxxxxxx>
From: "AOL Member Services Team" <ServicesTeam@xxxxxxx>
Subject: Unfortunately
To: brett@xxxxxxxxxx
Content-Type: text/html;
Reply-To: ServicesTeam@xxxxxxx
Date: Fri, 14 May 2004 19:06:31 +0300
X-Priority: 3
X-Library: Indy 8.0.25
X-UIDL: 9d69435e196f1b47fe610c710b49c2a4


Dear Member,

I am sorry to inform you that...
Unfortunately, your AOL Account Billing information is currently invalid.
The billing information you have provided us with is being used by some one
else. Please <http://updating-your-account.com/updating.htm>click here to correct this problem

Never download a file attached to an e-mail if you don't know the sender.
Attached files can contain viruses or hidden programs (called "Trojan Horse"
programs) that may compromise the security of your AOL account or
damage your computer files. No matter how enticing the file may appear, you
put yourself and your computer at risk when you download a file from an
unknown source, even if it appears to be an official AOL communication. If
you receive a suspicious file, don't open it - Notify AOL:

1. Click on the Forward button on the open Mail window.
2. Type the screen name TOSFiles in the TO: box.
3. Click Send. Your mail will be forward to AOL for review.


Sincerely,
The AOL Member Services Team

A quick check of the IP address in the "Received:" header of the mail -- which the average user does not know how to check -- revealed that the address was delegated to an ISP in (of all places) Egypt.

Following the link (the target is http://updating-your-acocunt.com/updating.htm), in case it did not make it through clearly above) leads to a Web page that's quite a work of art. It bears AOL's logo and asks for an astonishing amount of personal information, including everything that one might possibly need to perpetrate credit card fraud and/or identity theft on the naive user. The page itself seems to be hosted at an address delegated to Yahoo!.

The scary thing about this message was not the intent -- "phishing" scams are common -- but the increasing sophistication of the crooks. Most AOL users, who know little about the workings of the Internet, would have no way of verifying that the message was fraudulent and would in fact be hindered in their quest to do so by AOL's user interface (which makes it impossible to examine headers, etc. that a conventional e-mail client would reveal).

This message speaks volumes about what we are failing to do, technologically, with regard to the Internet and applications which run on it. There is no reason why users should not instantly be able to detect the obvious fraud here -- yet the users at whom it is targeted lack the knowledge and the tools to do so.

--Brett Glass


-------------------------------------
You are subscribed as roessler@xxxxxxxxxxxxxxxxxx
To manage your subscription, go to
 http://v2.listbox.com/member/?listname=ip

Archives at: http://www.interesting-people.org/archives/interesting-people/