AT&T - Additional verification - Phishing Scam
19th February 2004

Your AT&T account has been chosen for random verification...

read also our brief guide to Phishing

This AT&T email (see image below) is a forgery which contains a disguised link to a forged web page which aims to convince users to give up their financial information.

The forged web page was being hosted in Cyber World Internet Service's web space and has been removed already. The link further utilises the URL spoofing vulnerability that exists in unpatched versions of Internet Explorer. This bug allows the URL (in the browser address bar) to be spoofed - for instance, www.ebay.com could be shown while a forged page at a completely different URL would be shown in the browser window. Please ensure that you run Windows Update to patch your version of Internet Explorer.

This bug has been increasingly exploited by email scammers in the last 4 to 6 months, and they continue despite Microsoft's recent patch. The vulnerability allows a fake URL to be shown in the status bar of Microsoft Outlook and browser products (while holding the cursor over the link). We have set up a Browser Test cloaked link which you can use to see if your browser is vulnerable. You can also check links in emails or web pages for cloaking using our Link Checker, and you can check for URL spoofing while at a web page using our URL Checker (which will also reveal the true origin of the web page that you are viewing).

If you have received this email, please remember that it is very common for these email scams to be redistributed at a later date with only slightly different content or the same but with the fake page(s) hosted by a different provider. Also, once you have received one of these hoaxes, it is also common place to receive at least another one and usually a day or two after the first, although not necessarily from the same apparent sender.

Take a good look at the following images, because this email scam may be coming to an inbox near you!

The Email ...