TCS - AOL Scam Alert

AOL Scam Alert
Pass this on to all your AOL friends

by Steve Bass
Pasadena IBM Users Group
From the March 2003 issue of the I/O Port Newsletter

We all know someone--friends and relatives--who use AOL, and I suggest you consider forwarding this message to them. As you'll see, it's not a hoax but a real-life scam.

It started when my mother recently received a beautifully done AOL message. It's the kind of thing you read about but rarely get to see firsthand.

The message she received was from the AOL Billing Services Team. She forwarded it to the accounting department--moi--because I pay for her account (she has me to blame, I know). Read the message here: http://www.pibmug.com/files/aol letter.jpg

It took a minute to figure out something wasn't right.

Telltale Clues

For one thing, the e-mail header showed that the AOL Billing Services Team was blind copying her using version AOL 5.0. (http://www.pibmug.com/files/aolheader.jpg) You'd think they could use a more current version, right? There's more: The return address was Remindingyou@aol.com and the subject line had a misspelling.

I followed the Billing link in the message. At first glance I saw an AOL Welcome box. (http://www.pibmug.com/files/aolwelcomescreen.jpg) Take a careful look and you'll know why I was suspicious. Yep, lots of misspellings.

I went along with the game plan and clicked OK. Now I was staring into what looked like a remarkably authentic credit card payment form. Even if you didn't click the other links, you HAVE to see this one. It's worse than a loan application. http://www.pibmug.com/files /aolcreditcard.jpg

Is it Really You?

To make sure it's really you, they also want your Social Security Number, date of birth, driver's license number, and mother's maiden name. With that, the scammers can get to "identity theft" heaven before you shut down your PC for the night.

But they're not finished. How about throwing in your AOL screen name and password, something even novices know AOL wouldn't do. To add a level of legitimacy, they warn you that, "For your safety, please do not download any files from strangers. AOL will never ask you to download anything."

Who Is?

I went to http://www.samspade.org, my favorite Web examination site, and backtraced the Billing link. (The site was closed by Hypermart so it now leads to an error page.) It's an obfuscated URL: http://www.aol.com-billing:july-2002@072002.hypermart.net that leads to http://072002.hypermart.net. It works because any characters before the @ sign are ignored. And all it took was a quick web search with Google.com to find locations loaded with AOL scamming files. You can view one site here: http://www.pibmug.com/files/aolhypermart.jpg

I contacted one of AOL's security people I met years ago because of a story I did about AOL. Unfortunately, I never heard back from him. I also sent a message to abuse@hypermart.net and they responded in four days.

AOL Protection Strategy

Forward this to a buddy using AOL. They need to know that the best AOL protection strategy is to be alert to constant scams. You know, if it looks like a duck, smells like one, and occasionally quacks, there's a good chance it is one.

If you're unsure about a billing question, it's best to call AOL's billing services directly at 800/827-6364, or their Screen Name/Password line at 888/265-8004.

Steve Bass is a Contributing Editor with PC World and runs the Pasadena IBM Users Group. He's also a founding member of APCUG. Check PCW's current edition at www.pcworld.com/resource/toc/index.asp and sign up for the Steve Bass online newsletter at www.pcworld.com/bass_letter. §

There is no restriction against any non-profit group using the article as long as it is kept in context, with proper credit given to the author. This article is brought to you by the Editorial Committee of the Association of Personal Computer User Groups (APCUG), an international organization to which this user group belongs.



For more information on the Tulsa Computer Society click here



Tulsa Computer Society 3/02/2003
Don Singleton, President