IMPORTANT: AOL users beware....NB

[oldharry]

Received on Boxing Day an Email from AOL requesting updated info on the plastic I use for their billing. Ok. shortly after a second fuller Email arrived, asking again for the card details - which was specified correctly by name, with a Hyperlink leading to 'AOL Billing' The form on the Hyperlink looked identical to the AOL standard form, except that it requested my ATM Pin number (with a note that I could change it after submitting it to AOL)

I rang AOL who were unable to confirm whether the Emails were genuine or not. (They subsequently have said that one at least, is) I passed the basic info about the card to be billed verbally, and went back to check the PC, to find so far 3 Spyware programmes installed including a rogue dialler, and a Keylogger, presumably as a result of innocently opening an Email purporting to be from AOL.

Clearly had I complied with the Emails it would have cost me £££££'s. I shall know when the banks open tomorrow whether the PC was compromised. Unlikely, I hope as my security has been set to a very high standard by sons who are well qualified to know what they are doing. Most of you will not have that level of security on board, and this scam could cost you a mint!

Anyone recieving such Emails should NOT open them, but refer immediately to AOL who are 'investigating'. the worrying bit is the fact that the suspect email already contained info about me that should not have been available outside AOL.

Identity Theft is, next to drug running, one of the fastest growing crimes, and we all need to be very aware just how easily it is acheived.



I

 

[webcraft]

If you check the clickthrough link in any of these phishing e-mails you will find that although the URL you click on looks genuine the URL in the status bar is totally bogus.

(Try his one for example:

http://www.lovelybank.com/youraccount

It looks as though you are going to LovelyBank's accounts page - but check the URL in the status bar, or [it's quite safe] click through and have a look - see what I mean?)

DON'T ever click through on these e-mails unless youare certain they are going to the genuine site, or your PC is likely to end up full of garbage at best - and at worst, if you still don't notice the spurious URL, you will give someone all your bank / credit card / pin details or whatever it is they are asking for.

Remember, if you have the slightest suspicion that it might be dodgy then it IS!

- Nick

 

[Talbot]

I do like the full file address that you hid on your file! /forums/images/graemlins/smile.gif

 

[oldharry]

I am very aware of the many scams operating through the Internet - thanks to 2 sons who have studied Compuyter science to degree and in one case PhD level - who have throughly trained me in spotting these things...

The point of my warning is that the bogus email was appeared totally convincing until that one question - the Pin number, the more so because it already contained apparently personal info.

(And yes, I know that could have been collected elsewhere. But I have never previously seen anything half as convincing and cleverly put together as this one. A thoroughly professional effort - but for the one key question).

 

[PaulS]

One easy way to spot bogus emails of that type on AOL is that emails which are truly from an official AOL management source always appear in your inbox as a blue envelope...not at all like the regular emails. Also, remember that AOL stated policy is that they will NEVER ask for any personal or financial details in an email. At most they will simply ask you to contact them.

 

[Stemar]

Re: IMPORTANT: EVERYONE beware....NB

The important thing to remember is NEVER NEVER NEVER give your pin to anyone. Your bank will never ask for it, and no one needs it except to empty your account. If you're ever asked for your pin it's a scam. End of Story.

Even your bank doesn't know your pin. What's stored is the result of a one-way calculation (very complex maths which I don't begin to understand). You type in 1234 (I hope you don't!) and what comes out is something like ;lk54lkfrgr7434';ke 5i324798/47. This is compared with what it worked out the first time your pin was set up and if they are the same you're in, but there's no way to take the ;lk54lkfrgr7434';ke 5i324798/47 and turn it back into 1234 that's easier than trying pins at random. That's why your bank can reset your pin and give you a new one, but can't tell you your old one if you forget it.

 

[webcraft]

Erm . . .

You seem to have missed my point, Harry, in your eagerness to be dismissive of what was intended to be a helpful post which might save someone some money sometime.

The link that led you to the form asking for your PIN did NOT lead to a genuine AOL web page, a fact which could have been determined by checking the URL either in the status bar of Outlook Express prior to clicking through or in the address bar of the browser once you had clicked through to the fake page.

So it didn't matter how convincing it looked . . . anyone can knock up a convincing copy of a genuine AOL (or HSBC or PayPal etc etc) web page and put a form on it, but they cannnot spoof the URL to appear to be a real AOL URL. The person who manages to find a way to get a fake URL to appear in the address bar of Internet Explorer will make a fortune.

- Nick

 

[DickB]

If you use Outlook 2003 the url is not resolved in the preview pane and when you hold the cursor over the url is shown in its true form. Often you will see a web site ending in '.ru' !!!! Definite Pshishing!!! - ie get Outlook 2003 if you can - It is much better!

Incidently I never ever click on any emailed url!!! I always type it in longhand

(ps - I am an IT consultant and very very cautious!)

 

[oldharry]

Err, sorry webcraft - I was not intending to be dismissive- maybe overdefensive at have been nearly caught napping by an unusually clever bit of handiwork! Apologies!

My point is basically the same as yours - the need to remain fully alert to these events, with the same intention as you of hoping to save anyone else the not inconsiderable problems these things can cause.

 

[fireball]

[ QUOTE ]
So it didn't matter how convincing it looked . . . anyone can knock up a convincing copy of a genuine AOL (or HSBC or PayPal etc etc) web page and put a form on it, but they cannnot spoof the URL to appear to be a real AOL URL. The person who manages to find a way to get a fake URL to appear in the address bar of Internet Explorer will make a fortune.


[/ QUOTE ]

Erm ... they can and they have .... in IE anyway.. there is a patch available for IE that limits this security flaw:
http://support.microsoft.com/default.aspx?scid=kb;en-us;833786
I think thats the right page ...

Never trust any email asking you to confirm or update any payment/bank details. If you do need to contact an organisation - look up their contact details and initiate the comunication that way.
If there is a hyperlink then copy down the visible URL and manually enter it into your browser.
Same goes with phone calls - if the "bank" calls you and asks for various details I would be dubious - far better if you can initiate the call.

I've just spent christmas cleaning up an infected PC for a friend, then updated all his virus definitions and programs to the latest available ... and he had NAV installed ...

 

[snowleopard]

yes, it's not just email. i had a phone call supposedly from barclaycard. the woman started by saying 'we just need to confirm that we are talking to the right person... what is your mother's maiden name?'

next time i think i'll just tell a pack of lies.

 

[webcraft]

Re: spoofed URLs in status / address bars

Very devious . . . but looking at the list of affected systems it would seem that you are OK if running XP SP2.

Anyone running XP who hasn't installed XP2 is asking for trouble IMHO.

In fact, let me rephrase that - anyone with a computer is asking for trouble. If you don't want any hassle buy a television insted . . . /forums/images/graemlins/frown.gif

- Nick

 

[oldharry]

Re: spoofed URLs in status / address bars

[ QUOTE ]

In fact, let me rephrase that - anyone with a computer is asking for trouble. If you don't want any hassle buy a television insted . . . /forums/images/graemlins/frown.gif



[/ QUOTE ]

Think I'll buy a boat....... /forums/images/graemlins/crazy.gif

 

[pvb]

Re: spoofed URLs in status / address bars

Good idea, Jon, and much safer than a computer!