AOL phishers go for the gold

Screenshot of AOL phishing email


I just came across another phish in which the scammers take the tactic of asking you for everything they possibly can while they have you “on the hook.”

The text of the email reads:

Dear AOL Member,

We were unable to process your most recent payment. Did you recently changed your bank, phone number or credit card ?

To ensure that your service is not interrupted, please update your billing information today by following this steps,

1. Visit
2. Enter all your information
3. Click Submit to update your billing information

PS: The link in this massage will be expire within 24 Hours . You have to update your payment information.

Sincerely, AOL Member Services

Of course, tricking you requires that you are a paying AOL customer… and that you won’t notice the stereotypically bad grammar. Clearly, they should have better targeted their attack, perhaps only sending it to AOL email addresses. The domain name the email redirects you to seems to be a bit of a phishing haven, having hosted PayPal phishes only a few days ago.

Looking more deeply into the WHOIS details, I found a whole string of scams that appear to operate over Amazon’s affiliate payment system. Some IPs associated with this attack are storing pre-populated WordPress SQL files containing all the wonderful fake comments about the products they purchased through this series of bogus blogs. All they need to do is search and replace a product name, import the SQL, and voilà, instant website.

Like most phishes, this one borrows a lot from the real AOL website. It takes some liberties with the form to ask you for a surprising quantity of information: name, address, home and work phone, Social Security Number, mother’s maiden name, birthday, driver’s license, credit card, ATM PIN, bank, bank phone, bank account number/routing number and AOL screen name and password.

Form on phishing web page

I have talked about this tactic before in relation to bank phishing attacks. If the scammers can convince you that they are who they say they are, they might as well ask you for every last detail you are willing to surrender. This one might go far enough, though, to tip off a suspicious victim.
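The "ask for everything" pattern described above can be turned into a simple defender-side heuristic that counts how many distinct categories of sensitive data a page's form requests. This is an added example, not code from the original post or from the phishing site; the field-name patterns, the threshold of 4 and both sample forms are assumptions constructed for illustration.

```python
import re
from html.parser import HTMLParser

# Sensitive category -> regex over a control's name/id/placeholder (assumed patterns).
SENSITIVE = {
    "ssn": r"ssn|social",
    "mothers_maiden_name": r"maiden",
    "birthday": r"\bdob\b|birth",
    "drivers_license": r"licen[sc]e",
    "credit_card": r"card|\bcc\b|cvv",
    "atm_pin": r"\bpin\b",
    "bank_account": r"routing|account|acct",
    "password": r"pass|pwd",
}

class FormFieldCollector(HTMLParser):
    """Collects normalised name/id/placeholder text for every form control."""
    def __init__(self):
        super().__init__()
        self.labels = []

    def handle_starttag(self, tag, attrs):
        if tag not in ("input", "select", "textarea"):
            return
        a = dict(attrs)
        text = " ".join(a.get(k) or "" for k in ("name", "id", "placeholder"))
        if (a.get("type") or "").lower() == "password":
            text += " password"  # masked inputs count even if oddly named
        # Split on punctuation so "atm_pin" becomes the tokens "atm pin".
        self.labels.append(re.sub(r"[^a-z0-9]+", " ", text.lower()))

def sensitive_categories(html):
    """Return the set of sensitive data categories the page's forms ask for."""
    collector = FormFieldCollector()
    collector.feed(html)
    return {cat for cat, pat in SENSITIVE.items()
            if any(re.search(pat, label) for label in collector.labels)}

def looks_like_overcollection(html, threshold=4):
    """True when a page requests at least `threshold` distinct categories."""
    return len(sensitive_categories(html)) >= threshold

# Constructed samples: a form modelled on the post's field list, and a plain sign-in form.
SAMPLE_PHISH = """<form method="post" action="update.php">
<input name="fullname"><input name="ssn"><input name="mothers_maiden_name">
<input name="dob"><input name="drivers_license"><input name="cc_number">
<input name="atm_pin"><input name="routing_number">
<input name="screenname"><input type="password" name="password"></form>"""
SAMPLE_LOGIN = '<form><input name="user"><input type="password" name="pw"></form>'
```

A form that combines an ATM PIN, a Social Security Number and account credentials on one page scores far above any ordinary billing or sign-in form, which makes the category count a useful triage signal for reported URLs.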

I have to thank the criminals for leaving a public copy of all of their website code lying around so I could see what they were up to. Once you fill out the form, it’s emailed to a series of Hotmail addresses that still appear to be active.

AoL sPaM ReZult

Never trust emails purporting to confirm account details, and continue to encourage your user community to avoid clicking links within emails. Despite the predictions of visionary Bill Gates, the spam problem has not been solved… Stay vigilant.