My mother received recently received a beautifully done AOL scam. It's the
kind of thing you read about but rarely get to see firsthand.
The message she received is from the AOL Billing Services Team. She forwarded it to her accounting department--moi--because I pay for her account. (She has me to blame for using AOL, I know). It took less than a minute to figure out something wasn't right.
For one thing, the e-mail header showed that the AOL Billing Services Team as blind copying her using version AOL 5.0. You'd think they could use a more current version, right? There's more: The return address was Remindingyou@aol.com and the subject line had a misspelling.
I followed the Billing link in the message. At first glance I saw an AOL Welcome box. Take a careful look and you'll know why something's not quite right. Yep, lots of misspellings.
I went along with the game plan and clicked OK. Now I was staring into what looked like a remarkably authentic credit card payment form.
Is It Really You?
To make sure it's really you, they also want your Social Security Number, date of birth, driver's license number, and mother's maiden name. With that, the scammers can get to "identity theft" heaven before you shut down your PC for the night.
But they're not finished. How about throwing in your AOL screen name and password, something even novices know AOL wouldn't do. To add a level of legitimacy, they warn you that, "For your safety, Please do not download any files from strangers. AOL will never ask you to download anything."
I went to http://www.samspade.org, my favorite Web examination site, and traced the Billing link. It's an obfuscated URL: http://www.aol.com-billing:firstname.lastname@example.org that leads to http://072002.hypermart.net. (That's because any characters before the @ sign are ignored.) And all it took was a quick web search with Google.com to find locations loaded with other AOL scamming files. I found one at the top of Google's search: http://kenel.hypermart.net/aol-scam/ (no longer there)
What I did
I contacted Rich D'Amato, one of AOL's security people. I met Rich years ago because of a story I did on AOL. It's been four days and I haven't heard back from him. I also sent a message to email@example.com. Nope, I didn't hear from them either. And the site's sill up and running.
What you should do
The best AOL protection strategy is to be alert to constant scams. You know, if it looks like a duck, smells like one, and occasionally quacks, there's a good chance it is one.
If you're unsure about a billing question, it's best to call AOL's billing services directly at 800/827-6364, or their Screen Name/Password line at 888/265-8004.
Here's the message, complete with headers:
Date: Fri, 5 Jul 2002 04:26:47 EDT
Subject: Possible Service Interuption
X-Mailer: AOL 5.0 for Windows sub 138
Thank you for choosing America Online. Unfortunately there has been a
problem processing your billing information for the month of July, 2002.
Please review our billing requirements at KW: Billing. You will be able to
update your billing information quickly and easily using our secure server
webform. Please understand that without promptly updating your billing
information, your America Online Internet service may be discontinued. To
update your billing at this time, please visit our secure server webform by
clicking the hyperlink below.
America Online Billing Services.
We appreciate your business and hope to keep you as a customer for life.
America Online is so easy, no wonder it's number 1 !
The AOL Billing Services Team