Spoof Email Hoax guide, book terminology, how to identify first edition books and THE online auction watcher - MillerSmiles.co.uk

 

REPORT SUMMARY

Date Reported
10th January 2004

Apparent Sender
AT&T

Subject
Billing Update
Requested (URGENT)

Senders Address
(spoofed)

AT&T Billing
billing@
worldnet.att.net

Content
text with a
cloaked link to a
forged AT&T web
page - the link
also exploits a bug
in Internet Explorer
to display the page
with the genuine
site URL in the
address bar
(see image)

Spoofed Web page/site?
Yes

Web page/site
content

forged AT&T web
page with web form
requiring, credit or
debit card and ATM
PIN numbers, Bank
details, etc, etc

Web page/site origin
TRUE URL
http://
61.152.144.249:
4453/...
OR
SPOOFED URL
http://
webauth.att.net:
AuthN.login.
sid=3Dc0

Identity Theft method
Web form
information
is captured by the
scammers using a
CGI script while you
see a fake thankyou
& confirmation
page which then
redirects you to
the genuine AT&T
site

More...

HOME

Latest
email scam

See our guide to
phishing scams

Other
Resources...

See our guides to

1st Edition Books

Book Terminology

Free Utilities...

Worldwide Currency
Converter

Auction Watcher

List of
Auction Sites

 

   
 

AT&T Billing Update Requested (URGENT) - Email Scam
10th January 2004

 

This email claims that your Credit Card was decline, but its a scam ...

This scam takes the form of a text email with a link (see images below), but the link is disguised (cloaked) to look like a genuine AT&T web page link, which it is not.

This link also exploits a known bug in Internet Explorer browsers which allows the URL (site address shown in the browser address bar) to be spoofed. This means that if you use that link, Internet Explorer browsers will open the forged page that it points to, but with the URL shown as http://webauth.att.net: AuthN.login. sid=3Dc0 (see image below). The true URL is actually http://61.152.144.249:4453/ which traces back to Shanghai General Electric Co. (China).

This bug has been increasingly exploited by email scammers of late, and we eagerly await a patch from Microsoft. The vulnerability can also allow a fake URL to be shown in the status bar of Microsoft Outlook and browser products (while holding the cursor over the cloaked link). We have set up a Browser Test cloaked link which you can use to see if your browser is vulnerable. You can also check links in emails or web pages for cloaking using our Link Checker, and you can check for URL spoofing while at a web page using our URL Checker.

 

Stay informed of the latest Spoof Email Phishing Scams with either of our FREE alert services...

Email Alerts
Add your email address to our email alert service...
Subscribe

Privacy Policy

RSS News Feed
Tap into our Scam Alert service using your News Reader or Aggregator (including My Yahoo!).
Scam Alert News Feed

You can even put the latest alerts on your own web site.

 
IS YOUR BROWSER VULNERABLE TO
URL CLOAKING
CHECK NOW!
 
WE ALL NEED YOU!
FORWARD
YOUR EMAIL SCAMS
TO KU.OC.SELIMSRELLIM@FOOPS
and help us to
build awareness and
help others


The forged web page that this cloaked link opens, sends any data entered into the form onto the scammers using a CGI script located on the same server. Once you submit this form, you will see a forged Success/Thank you page and then be redirected to the genuine AT&T site.

If you have received this email, please remember that it is very common for these email scams to be redistributed at a later date with only slightly different content or the same but with the fake page(s) hosted by a different provider. Also, once you have received one of these hoaxes, it is also common place to receive at least another one and usually a day or two after the first, although not necessarily from the same apparent sender.

Take a good look at the following images, because this hoax email scam may be coming to an inbox near you!

The Email ...

 

Billing Update Requested (URGENT) - Email Scam


Go to top of page.

The fake web page...

 

Billing Update Requested (URGENT) - AT&T forged web page snapshot Billing Update Requested (URGENT) - AT&T forged web page snapshot Billing Update Requested (URGENT) - AT&T forged web page snapshot Billing Update Requested (URGENT) - AT&T forged web page snapshot Billing Update Requested (URGENT) - AT&T forged web page snapshot
Billing Update Requested (URGENT) - AT&T forged web page snapshot Billing Update Requested (URGENT) - AT&T forged web page snapshot Billing Update Requested (URGENT) - AT&T forged web page snapshot Billing Update Requested (URGENT) - AT&T forged web page snapshot Billing Update Requested (URGENT) - AT&T forged web page snapshot
Billing Update Requested (URGENT) - AT&T forged web page snapshot Billing Update Requested (URGENT) - AT&T forged web page snapshot Billing Update Requested (URGENT) - AT&T forged web page snapshot Billing Update Requested (URGENT) - AT&T forged web page snapshot Billing Update Requested (URGENT) - AT&T forged web page snapshot
Billing Update Requested (URGENT) - AT&T forged web page snapshot Billing Update Requested (URGENT) - AT&T forged web page snapshot Billing Update Requested (URGENT) - AT&T forged web page snapshot Billing Update Requested (URGENT) - AT&T forged web page snapshot Billing Update Requested (URGENT) - AT&T forged web page snapshot
Billing Update Requested (URGENT) - AT&T forged web page snapshot Billing Update Requested (URGENT) - AT&T forged web page snapshot Billing Update Requested (URGENT) - AT&T forged web page snapshot Billing Update Requested (URGENT) - AT&T forged web page snapshot Billing Update Requested (URGENT) - AT&T forged web page snapshot
Billing Update Requested (URGENT) - AT&T forged web page snapshot Billing Update Requested (URGENT) - AT&T forged web page snapshot Billing Update Requested (URGENT) - AT&T forged web page snapshot Billing Update Requested (URGENT) - AT&T forged web page snapshot Billing Update Requested (URGENT) - AT&T forged web page snapshot
Billing Update Requested (URGENT) - AT&T forged web page snapshot Billing Update Requested (URGENT) - AT&T forged web page snapshot Billing Update Requested (URGENT) - AT&T forged web page snapshot Billing Update Requested (URGENT) - AT&T forged web page snapshot Billing Update Requested (URGENT) - AT&T forged web page snapshot

Spoof Email Hoax guide, book terminology, how to identify first edition books and THE online auction watcher - MillerSmiles.co.uk
Update Seller Account' spoof email hoax. Update Seller Account' spoof email hoax. Update Seller Account' spoof email hoax. Update Seller Account' spoof email hoax. Update Seller Account' spoof email hoax. Update Seller Account' spoof email hoax.