[ This seems to happen every few months - silly AOL users... - ed. ]

From: Cu Digest (tk0jut2@mvs.cso.niu.edu)
Subject: Cu Digest, #9.64, Wed Aug 27 97

Computer underground Digest    Wed Aug 27, 1997    Volume 9 : Issue 64
ISSN 1004-042X

------------------------------

Date: Thu, 28 Aug 1997 13:42:38 -0500
From: Jim Thomas
Subject: File 4--AOL Target of Credit Card Scam

The Chicago Tribune (27 Aug '97, p. 3) reported a scam that attempted to target AOL subscribers two weeks ago. The story describes how e-mail, disguised as official correspondence from AOL, attempted to entice subscribers to divulge credit card numbers and other sensitive information.

The scam worked by inviting subscribers to click on a link that took them to an official-looking homepage, where a letter, ostensibly by AOL's CEO Steve Case, described AOL's successes in fixing bugs. Subscribers were then asked to update their AOL accounts by supplying confidential information.

When AOL users log on to AOL, a prominent note reminds them that AOL personnel will *never* ask for such information. It's not known how many users were victimized by the scam, and the fraudulent homepage was apparently up only for a few hours.

Unlike sex-related crimes, there have been no screaming "INTERNET BLAMED IN SCAM ATTEMPT" headlines. That's encouraging. It's hardly a surprise that the Net contains predators, just as do churches, high schools, and police departments. The trick, which the media seem to be slowly catching on to, is not to create hysteria with clueless horror stories, but to stress a few basics. In this case, one of the cardinal rules pertains: Do not give out personal information to strangers on the Net. In this case, however, the scam was sufficiently clever that it could easily catch inexperienced (or even some experienced) netfolk. A second rule then pertains: Double check the sources - if something seems odd, avoid it.

The text of the "spam" letter setting up the scam was posted on The Well (a public access community in California's Bay Area--http://www.well.com for info) on August 12 by .

============

Tue 12 Aug 97 04:51

I just got what is apparent Spam that would seem to go far beyond illegal... it purports to be from AOL (address is something like "ServerUpdate@aol.com") and contains a letter from Steve Case, along with a URL on an IP-address-only site. When you go to the site, you're in a secure form, purporting to be a reregistration form for you with AOL, asking for various confidential information. The page bears logos for both RSA and VeriSign... it seems to be crafted to *look* legit, for those folks who merely understand that the Internet *can* be secured, somehow.

Checking headers, the thing seems to have come from UUNet (surprise!).

For those who want to check it out, the URL is http://209.41.43.223/index.htm

-------------

here's what I got... NB the bogus domain (aoI.com) and the "Authenticated server is..." comment. Clever enough to catch newbies, certainly.

From AOL-ServerUpdate@aol.com Tue Aug 12 08:22:50 1997
Received: from relay6.UU.NET (relay6.UU.NET [192.48.96.16])
    by embassy.org (8.8.4/8.8.4) with ESMTP id FAA18670
    for ; Tue, 12 Aug 1997 05:24:13 -0400 (EDT)
From: AOL-ServerUpdate@aol.com
Received: from mail.uu.net by relay6.UU.NET with SMTP
    (peer crosschecked as: slip129-37-52-122.ca.us.ibm.net [129.37.52.122])
    id QQdcgj02863; Tue, 12 Aug 1997 05:24:11 -0400 (EDT)
Received: from mail.aoI.com (alt.aoI.com (207.34.342.246))
    by aoI.com (8.8.5/8.6.5) with SMTP id GAA01943
    for ; Tue, 12 Aug 1997 05:18:19 -0600 (EST)
To: ServerUpg@aol.com
Message-ID: <173840394782.GAA73847@aoI.com>
Date: Tue, 12 Aug 97 05:18:19 EST
Subject - Important AOL Information! Please Read.
--)
Reply-To: AOL-ServerUpdate@aol.com
X-PMFLAGS: 34078848 0
X-UIDL: 268493654736a37aeb4b67463529878e
Comments: Authenticated sender is

Special News Bulletin: August 12, 1997

Dear Members:

As you know, the number one priority for all of us at America Online continues to be meeting our obligation to provide you with the best possible service. We have been working day and night to fix the busy signal problem and to catch up with the incredible surge in demand for AOL. In this month's letter, I'd like to give you an update on how we are doing.

When it became clear to us that unlimited use pricing stimulated more demand for AOL than we had anticipated, we announced a $350 million expansion program and made four commitments to you:

- To expand system capacity as quickly as possible
- To serve our existing members before adding new members
- To work extremely hard to maintain the loyalty of members who've had problems with busy signals
- To communicate frequently about the steps we are taking to improve AOL

So let me update you on what we're doing to meet each of those commitments, including the development of a new server which offers a higher system capacity. You may either take a moment to read in depth about the steps we have taken, or just complete the required update of your information on our new servers.

Please Click HERE to Continue.

All you have to do is click on the text above with your left mouse button and it will take you directly to our new information screen.

Thank you for your Cooperation,
AOL Member Services

Below are the Headers used by AOL's newly developed servers. Please Disregard these they are of no importance.
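
The two header anomalies visible in the forwarded message above (a relay domain that differs from the claimed sender domain only by a look-alike character, and an IP literal with an out-of-range octet) can be checked mechanically. The sketch below is an added example, not part of the digest or the Well post; the names audit, skeleton and base_domain are hypothetical, and treating the last two labels as the base domain is a simplifying assumption.

```python
import re

# Constructed sample: the Received lines from the forwarded message, one string per hop.
RECEIVED = [
    "from relay6.UU.NET (relay6.UU.NET [192.48.96.16]) by embassy.org "
    "(8.8.4/8.8.4) with ESMTP id FAA18670",
    "from mail.uu.net by relay6.UU.NET with SMTP (peer crosschecked as: "
    "slip129-37-52-122.ca.us.ibm.net [129.37.52.122])",
    "from mail.aoI.com (alt.aoI.com (207.34.342.246)) by aoI.com "
    "(8.8.5/8.6.5) with SMTP id GAA01943",
]
CLAIMED_FROM = "AOL-ServerUpdate@aol.com"

HOST_RE = re.compile(r"\b(?:[A-Za-z0-9-]+\.)+[A-Za-z]{2,}\b")  # last label alphabetic
IPV4_RE = re.compile(r"\b\d{1,3}(?:\.\d{1,3}){3}\b")
# Characters that render alike in many fonts, folded to one representative.
CONFUSABLE = {"I": "l", "1": "l", "|": "l", "0": "o", "O": "o"}

def skeleton(name):
    """Fold visually confusable characters so look-alike names compare equal."""
    return "".join(CONFUSABLE.get(c, c.lower()) for c in name)

def base_domain(host):
    # Assumption: last two labels; production code would use the Public Suffix List.
    return ".".join(host.split(".")[-2:])

def audit(received, claimed_from):
    """Return sorted (finding, value) pairs for the Received chain."""
    claimed = claimed_from.rsplit("@", 1)[1].lower()
    findings = set()
    for line in received:
        for host in HOST_RE.findall(line):
            dom = base_domain(host)
            # Different domain in DNS terms, identical once confusables are folded.
            if dom.lower() != claimed and skeleton(dom) == skeleton(claimed):
                findings.add(("lookalike-domain", dom))
        for ip in IPV4_RE.findall(line):
            if any(int(octet) > 255 for octet in ip.split(".")):
                findings.add(("invalid-ipv4", ip))
    return sorted(findings)

if __name__ == "__main__":
    for finding, value in audit(RECEIVED, CLAIMED_FROM):
        print(finding, value)
```
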