Security Incidents mailing list archives
RE: Another AOL trick
From: Justin Lintz <jlintz () optonline net>
Date: Thu, 21 Jun 2001 14:20:11 -0400
This is nothing new and has been going on for years now, people have been spoofing aol login pages, hotmail login pages , you name it. It's up to the user to know not to open or listen to emails from strangers and I think AOL does a good job of pounding it into their users heads, but some just dont understand. -----Original Message----- From: Meritt James [mailto:meritt_james () bah com] Sent: Thursday, June 21, 2001 11:25 AM Cc: INCIDENTS () SECURITYFOCUS COM Subject: Another AOL trick I've received two mailings at my AOL account requesting credit card numbers and directing users to a web page that APPEARS (good use of graphics,...) to be an AOL web page. An investigation of the web page source code reveals that the information is emailed to Hotmail email accounts. Hard to avoid someone who is an AOL member, paranoid, and technically capable of reading email header information (track the spoof) and web page source (using POST to collect the data...) AOL said "We didn't do it, would NEVER do it" and is trying to get them now... Thought you would like to know... -- James W. Meritt, CISSP, CISA Booz, Allen & Hamilton phone: (410) 684-6566
Current thread:
- Another AOL trick Meritt James (Jun 21)
- RE: Another AOL trick Justin Lintz (Jun 22)