This is nothing new and has been going on for years now, people have been spoofing aol login pages, hotmail login pages , you name it. It's up to the user to know not to open or listen to emails from strangers and I think AOL does a good job of pounding it into their users heads, but some just dont understand. -----Original Message----- From: Meritt James [mailto:meritt_jamesat_private] Sent: Thursday, June 21, 2001 11:25 AM Cc: INCIDENTSat_private Subject: Another AOL trick I've received two mailings at my AOL account requesting credit card numbers and directing users to a web page that APPEARS (good use of graphics,...) to be an AOL web page. An investigation of the web page source code reveals that the information is emailed to Hotmail email accounts. Hard to avoid someone who is an AOL member, paranoid, and technically capable of reading email header information (track the spoof) and web page source (using POST to collect the data...) AOL said "We didn't do it, would NEVER do it" and is trying to get them now... Thought you would like to know... -- James W. Meritt, CISSP, CISA Booz, Allen & Hamilton phone: (410) 684-6566
This archive was generated by hypermail 2b30 : Fri Jun 22 2001 - 10:35:56 PDT