AOL Customers Under Attack From Latest Phishing
The headers of the contented emails with subject line bearing the title "Billing update on file must be performedz" are spoofed off, so that they appear to be sent from the original AOL Member Billing. The mails are sent from the internet address<AOLMemberServices@mail.aol.com>
An AOL template is used for writing the main message along with an AOL Member Services banner. According to the enclosed message, the victim is reminded to update his/her bank account for attaining better and secured banking services. For adding values in the message, the contender claims this action to be a part of a regular verification
The recipient is also notified that in case of failure to update an account, the liberty of shopping on the website will automatically result in restraints.
The enclosed message also contains a link called "Update your information", which prompts a user with a web page wherein, all personal information including name, credit card details, address, date of birth, AOL username and password, and even social security number is to be filled up.
Graham Cluley, Senior Technology Consultant at Sophos, commented about the ways by which netizens falls easy prey of malware authors, scammers, and phishers on the ground of semi-believable things. Even though many wise users immediately send these mails in trash, some users are always exposed to this vulnerability, as reported in nakedsecurity.sophos on January 4, 2011.
Taking into consideration these vulnerabilities in relation to the latest scam, security experts at AOL has advised netizens to avoid providing personal information in mail because genuine businesses rarely seeks credit card numbers, passwords, or other personal information via e-mails.
Netizens are also pertained from opening the URL directly through the links for these links are likely to trigger a spoofed site and take down all personal information of the user as mentioned above.
Related article: AOL Yet to Fix Original Critical Flaw Discovered in September 2007
» SPAMfighter News - 14-01-2011