TSK Security Brief - - 26mar99 AOL Logon/Password Scam ___________________________________________ ŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻ T*S*K T*S*K The Shadow Knights Security Corp. T*S*K T*S*K http://www.ShadowGovt.net ___________________________________________ ŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻ Brief written by - - The Phantom x^\|/^x http://server.com/WebApps/byo.cgi?id=5101 http://server.com/WebApps/byo.cgi?id=5102 http://server.com/WebApps/byo.cgi?id=5103 http://server.com/WebApps/byo.cgi?id=5104 http://server.com/WebApps/byo.cgi?id=5105 http://server.com/WebApps/byo.cgi?id=5106 The above links are from a scam e-mail that has been sent to who knows how many AOL members. The setup is fairly elaborate and is a little harder for the common AOL user to detect then most AOL E-mail scams. Because most AOL users are not familiar with the 'real' Internet the scam has probably collected at least 80% of the logon/password combos it has set out to snatch. Though I am not sure to the extent off the scam, I do know that this is yet another attempt at a breach in AOL security thanks to a little Social Engineering. I received the e-mail via BCC from Pitwell@aol.com . The scam includes a subject of 'AOL Internet Accelerator' and the body contains claims of faster Internet access IF you give your logon/password combo. Body of message also includes details about the Personal Filing Cabinet and gives a Keyword where you can go to change your password. These scams will only continue if ignorance seems never to subdue. Please, if you are an AOL user (like myself) never, ever, EVER giveaway your account information to an unauthorized source. AOL Staff will NEVER ask for your password to your Logon account. Below is the exact text of the scam e-mail (A). I have checked out the supposed links above and they look to be from a free CGI Scripting Service. The BYO Forms (Build Your Own Forms from the WebApps Service) are available at no cost unless of course you wish the advertisement banner (which is included in the free service) not to be shown. In an attempt to chat with 'John Cuber' (assuming that is his real name), AKA Pitwell@Aol.com, I was denied any communication. I have attempted multiple e-mails and still have not been able to reach him. If you do receive this scam or similar scam e-mail, forward all the scam e-mails to TOSEMail1@aol.com . Webmaster@ShadowGovt.net - TSK Security Corporation - http://www.ShadowGovt.net KnightNews Network - http://www.HackerNews.net (A). "Dear Member, Storing your sign-on password can make web surfing faster! A password for your Personal Filing Cabinet protects its contents by making it necessary to enter a password each time your PFC is accessed. We recommend that you use the same password for both. You can only store passwords for the account with which you are currently signed on. NOTE: Storing passwords does not change your sign-on password. To change your sign-on password, go to Keyword: Password. We are currently introducing new web surfing technology that allows faster surfing by storing your password on the Internet. Each time you go to a web site your browser checks your password to make sure you are currently signed on. Storing your password will make surfing faster & easier and you will experience speeds 250% faster then your current. Click Here To Store Your Internet Password Today! Sincerely, John Cuber"