New phishing Campaign Targets AOL Users

Security experts at Sophos (an Internet security firm) have released a warning of new phishing campaign targeting the users of American Online (AOL).

The content of the phishing email states: 'Dear AOL Member, AOL could not process your current payments.' The e-mail also asks the user that whether he has recently made some changes in his phone number, credit card number or bank.

Besides, the e-mail informs the user that if he wishes to continue his service (with AOL) uninterruptedly, then he should visit 'http://bill.aol.com.' Once the user visits this website, he is asked to furnish all his personal information and click on 'Submit' button in the phishing email.

In order to make the e-mail sound more authentic and valid to the recipients, the e-mail concludes on a formal note on behalf of the 'AOL Member Services team.' The e-mail also highlights the point that the link provided in the message will terminate within 24 Hours so that a sense of panic is created in the minds of e-mail readers.

Chester Wisniewski, a senior security advisor (Sophos Canada), explained that the link http://bill.aol.com led to a fake website hosted on a domain formerly linked with other phishing systems, as per the statement published by the Softpedia on July13, 2010.

Wisniewski also mentioned in her blog post that the phishing e-mail contained elements of the original AOL website, but the one thing that made it strikingly different from the real website was the high and personal details asked from the users. This might lead to the exposure of certain specific security numbers, driving license number and other information required by security questions.

As far as the billing details are concerned, the form contains numerous columns for details like - ATM pin number, bank telephone number, bank name, card holder's name, credit card number, expiry date and verification number (CVV2)

Owing to the problems associated with these phishing e-mails, Sophos concludes that netizens should remain alert and never trust any sort of mails that require them to confirm their personal account details.

Related article: New Zealand Releases Code To Reduce Spam

» SPAMfighter News - 7/22/2010