W3C home > Mailing lists > Public > public-wsc-wg@w3.org > November 2007

Re: Phishing scam uses AOL address to target eBay users

From: Shawn Duffy <Shawn.Duffy@corp.aol.com>
Date: Thu, 15 Nov 2007 07:20:49 -0500
Message-ID: <473C39A1.9030209@corp.aol.com>
To: Mary Ellen Zurko <Mary_Ellen_Zurko@notesdev.ibm.com>
CC: public-wsc-wg@w3.org

I have a pretty good idea of what this is, though I lack the details as
of right now.  This sounds like an issue we've been working on for quite
some time.  It involves open URL redirects.  The URL would look
something like this:

http://search.aol.com/redir?url=http://www.something.com

This is done for tracking click-throughs and so on.  Unfortunately, you
can put any URL on the end and it will redirect you.  We've seen this
being used to redirect users to phishing sites when they believe they're
clicking on an AOL link.

This is something I've personally been involved in for some time but the
change isn't trivial.  We need a way to track clicks without redirecting
to arbitrary URLs.  There is a fix currently in the works but it's just
going to take some time.  This isn't AOL-specific either.  Google,
Yahoo, and many others have the same problems unfortunately.

Thanks,
Shawn

Mary Ellen Zurko wrote:
> 
> I'm curious about what AOL can do to "fix this issue". Doesn't sound
> like a simple spoof. Anyone know?
> 
> 
> http://www.scmagazineus.com/Phishing-scam-uses-AOL-address-to-target-eBay-users/print/96319/
> 
> 
> *Phishing scam uses AOL address to target eBay users*
> 
> Jim Carr <http://www.scmagazineus.com/Jim-Carr/author/83/>
> November 12 2007
> 
> 
> Unknown phishers are using a widely recognized name, AOL
> <http://www.scmagazineus.com/pages/search.aspx?q=AOL&pagetypeid=7&cx=013960771559195911098:vozsgygtesi&cof=FORID:11>,
> to disguise a false eBay
> <http://www.scmagazineus.com/pages/search.aspx?q=eBay&pagetypeid=7&cx=013960771559195911098:vozsgygtesi&cof=FORID:11>sign-in
> site, according to the security research team at Fortinet
> <http://www.scmagazineus.com/pages/search.aspx?q=Fortinet&pagetypeid=7&cx=013960771559195911098:vozsgygtesi&cof=FORID:11>.
> 
> The scam collects personal information that could put eBay users at risk
> for account or identity theft, the company said.
> 
> Scam emails, claiming to be from a member of eBay's security team,
> notify recipients that they have a security alert to resolve. The emails
> entice victims to click the AOLSearch link, which contains what appears
> to be an AOL URL address, in order to take action, according to Fortinet.
> 
> Following the phishing link takes the user to a site seeking personal
> information, thus putting the victim at risk of identity theft.
> 
> Phishing scams are hard to shut down because it's part of [scammers']
> basic business model," said Derek Manky, Fortinet security research
> engineer.
> 
> "We don't have a clue who the originator [is],” he told
> SCMagazineUS.com. “[The phishing email] landed in one of our
> researcher's inbox."
> 
> Manky added that increasing user awareness is the best protection
> against social engineering
> <http://www.scmagazineus.com/Phishing-scam-uses-AOL-address-to-target-eBay-users/print/96319/social%20engineering>
> attacks.
> 
> "In this case, email is a medium that should be treated as untrusted.
> Before following any links, users should always take careful
> consideration of the link, and they should never follow a third party's
> suggestion,” he said.
> 
> Fortinet said that “AOL is currently fixing this issue.”
> 
> An AOL representative could not be immediately reached for comment.
> 
> 
> 

-- 
shawn duffy - shawn.duffy@corp.aol.com
senior technical security engineer | aol it security
703.265.8273 | AIM: ShawnDuffy1
https://open-itsec.office.aol.com/
https://www.itsec.aol.com/
Received on Thursday, 15 November 2007 12:21:27 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Tuesday, 5 February 2008 03:52:53 GMT