AOL Password Cropping Scams
The PPC team discovers yet another scam to rob AOLers of their ID and password. David Dorn spills the beans
There is an ongoing campaign in some quarters to steal user IDs (Screen names) and passwords for nefarious purposes, and, ever so often another twist on the same theme crops up.
Despite the powers that be constantly reminding us all that AOL will never ask for your password, though, enough AOLers fall for the tricks that the thieves use and part with their precious details. The latest scam is even more invidious than usual - it does its best to grab the Master screen name's details, thus giving its perpetrator access to all seven possible screen names allied to that account.
So, how do you spot the latest scam?
Here's what the email you might receive says:
Below is the result of your feedback form. It was submitted by
(TOSGeneral@aol.com) on Wednesday, September 5, 2001 at 23:25:22
-------------------------------------------------------
: Dear Member:
We have recently been receiving a startling amount of error logs in our system regarding certain members' accounts, including yours. The reason for this could range from abrupt disconnection's from AOL, or technical difficulties. However, there is a possibility that the errors present in our database have to do with unauthorized usage of your account from others.
To rule out the possibility of others having unauthorized access to your account, it is required that you visit our online help area at www.verify-aol.com for further assistance with this issue. If you did not receive this on your primary screen name, it could be due to your mailbox being full. Please have the billing contact or primary screen name holder view this online area.
Failure to comply with the above instructions will lead to the suspension of your account, and prolonged investigation into this matter. We are sorry to inconvenience your AOL experience, but this matter must be dealt with immediately.
Please click here to fix these problems
Sincerely,
John Hatchman
AOL Investigations Dept.
<a href="aol://1223:3998/http://www.aol-verify.com/">AOL Member Services </a>
You'll notice that I've expanded the URLs that it lists - but let's go through it to show how you can recognise this as a complete scam.
To begin with, why would you, as a user, get the results of a form filled in by another user, unless you'd set the form up in the first place?
Next, if AOL needs you to complete a form for any reason, it won't be at a web URL like www.verify-aol.com - it would be at a normal AOL window - but, you'll note from the expanded URL (denoted by the <a href ...> stuff above that the perpetrator of this particular scam has tried to hide what he's doing by using an AOL style URL container - and that's another dead giveaway that this isn't kosher.
Finally, AOL would never threaten suspension of an account in this way - so there you have three dead giveaways that this isn't what it at first sight seems to be.
Investigation
We at PPC being curious sorts, though, I've been and had a look at the site that does the password pinching, and have actually managed to identify the perpetrator. He's been clever, no doubt, but a few minor misunderstandings of how HTML works on his behalf let me get to the source code for the rip-off and discover where the information goes to when anyone is daft enough to fill in the form that's contained there.
Naturally, we've forwarded all the details to COSMAIL1 - the branch of AOL that deals with this kind of thing, so I'd expect that the perpetrator will be stopped very soon.
In the meanwhile, please remember that under no circumstances will AOL ever ask for your password, either by email, a form or by any other method.
