Date Reported 19th January 2005
Apparent Sender AOL
Return Address AOL Member Services <billinginvoices@aol.com>
Subject Credit Card Rejected
Format HTML
Method Spoof email links to a spoof webpage where victim is prompted to enter their details believing the site is genuine. Details are then forwarded to a local script and captured.
Bogus Web Content? Yes
URL of web content http://aol-members.kickme.to/
RISK LEVEL MEDIUM
WARNINGS 1. Email claims to be from AOL asking you to confirm your account data by clicking on the link. You will be taken to a spoof login page where your details will be captured by the phishers.
2. AOL never send users emails requesting details in this way.
3. URL looks real at a glance, but in fact nothing to do with AOL.
4. URL disguised as text " Please click here to update your billing records ".
" Dear AOL Member, We recently noticed one or more attempts to log in to your AOL account from a foreign IP address and we have reasons to believe that your account was used third party without your authorization."
If you have received this email, please remember that it is very common for these email scams to be redistributed at a later date with only slightly different content or the same but with the fake page(s) hosted by a different provider. Also, once you have received one of these hoaxes, it is also common place to receive at least another one and usually a day or two after the first, although not necessarily from the same apparent sender.
The Spoof Email ...
Dear AOL Member,
We recently noticed one or more attempts to log in to your AOL account from
a foreign IP address and we have reasons to believe that your account was used third party without your authorization. If you recently accessed your account while traveling, the unusual login attempts may have been initiated by you The login attempt was made from: IP address: 172.25.210.66 ISP Host: cache-66.proxy.aol.com
By now, we used many techniques to verify the accuracy of the information our users provide us when they register on the Site. However, because user verification on the Internet is difficult, AOL cannot and does not confirm each user's purported identity. Thus, we have established an offline verification system to help you evaluate with who you are dealing with. Please click here to update your billing records
Thank you for your time and we appreciate your business.
AOL Help Is Always Available
If you ever need help using the AOL service while you are online, we have online Customer Service representatives available at AOL Keyword: Live Help.
Thank you for choosing the America Online service!
Regards,
Regina Lewis Billing Department
America Online Inc.
Quick Tip: Learn how to "bookmark" a page so you can always get back to it. AOL Keyword: Learn Favorite Places.
Coming Soon: Look in your mailbox next time you sign on for tips on how to improve your connection to the AOL service.
To unsubscribe from the "Welcome to AOL e-mail series", click here .
NOTE: AOL strongly recommends that you contact your local phone company to confirm that any access number(s) you have chosen for dial up access to AOL will not cause toll or long distance charges to appear on your phone bill. Simply because an access number has the same area code or city as your dial-up location does not necessarily mean that it is in your local calling area. The access number(s) that you have selected may not correspond to your local phone company's billing designations and need to be carefully selected. If you do not contact your local phone company, you may unnecessarily incur phone charges when dialing an AOL access number. Only your local phone company can provide this information.
The Spoof Website ...
Not online at time of report, but likely to closely resemble the real AOL login page.
|
