A spoofed AOL email which claims that your card was declined after an attempted charge and links to a bogus AOL billing information form...

This spoofed AOL email (see below) is in plain text format and relies on the recipient falling for the suggestion that an attempt to charge their credit card has been declined, and believing that the link is to a genuine AOL page by virtue of the mere presence of the three letters in the link text.

The link does of-course take you to a bogus AOL page but before your browser displays the content, you are presented with a pop up alert box as shown below. Closing the alert box by clicking 'OK' will allow the very convincing page to be displayed. The forged page is constructed using the aol.com site's own code and script (linked to from withing the page HTML code), and it presents the viewer with an 'AOL Billing Centre' form. The page author(s) attempt to add a further sense of authenticity to the page by including 'Answers to common questions' links that presents answers in pop up alert windows, as well as a mention in red about the logging of your browser information for fraud prevention purposes.

The URL of the bogus page - http://aol.account-cgi.com/update.htm - resolves to a Yahoo Inc. user's web space. Submitting the form will see the information sent to a Hotmail email account (speed_man0@hotmail.com) while your browser is directed to a genuine AOL page.

If you have received this email, please remember that it is very common for these email scams to be redistributed at a later date with only slightly different content or the same but with the fake page(s) hosted by a different provider. Also, once you have received one of these spoofs, it is also common place to receive at least another one and usually a day or two after the first, although not necessarily from the same apparent sender.

The Spoof Email ...

Dear Member,

We recently attempted to charge you $25.90 for your unlimited cycle
use plan and your credit card issure denied payment to our billing systems.
This usually occurs when billing information is out of date or the billing address is false.
In order to keep your service active, You must visit our Service Center lmmediately!


If your account information is not updated within the next 24 hours,
We will be forced to terminate your account. Thank you for
cooperation towards this urgent matter. Please visit our billing center
* To start Please Open a new browser and paste this url there for your saftey.

http://aol.account-cgi.com/update.htm

Regards,

Jane Honigs
Billing Dept

The pop up alert box shown before the page is displayed...

The bogus web page...