Another AOL trick

["Meritt James" <meritt_james () bah com>]

I've received two mailings at my AOL account requesting credit card
numbers and directing users to a web page that APPEARS (good use of
graphics,...) to be an AOL web page.  An investigation of the web page 
source code reveals that the information is emailed to Hotmail email
accounts.

Hard to avoid someone who is an AOL member, paranoid, and technically
capable of reading email header information (track the spoof) and web
page source (using POST to collect the data...)

AOL said "We didn't do it, would NEVER do it" and is trying to get them
now...

Thought you would like to know...


-- 
James W. Meritt, CISSP, CISA
Booz, Allen & Hamilton
phone: (410) 684-6566