Phishing scam uses AOL address to target eBay users

I'm curious about what AOL can do to "fix this issue". Doesn't sound like 
a simple spoof. Anyone know? 


http://www.scmagazineus.com/Phishing-scam-uses-AOL-address-to-target-eBay-users/print/96319/


Phishing scam uses AOL address to target eBay users

Jim Carr
November 12 2007


Unknown phishers are using a widely recognized name, AOL, to disguise a 
false eBay sign-in site, according to the security research team at 
Fortinet.

The scam collects personal information that could put eBay users at risk 
for account or identity theft, the company said.

Scam emails, claiming to be from a member of eBay's security team, notify 
recipients that they have a security alert to resolve. The emails entice 
victims to click the AOLSearch link, which contains what appears to be an 
AOL URL address, in order to take action, according to Fortinet.

Following the phishing link takes the user to a site seeking personal 
information, thus putting the victim at risk of identity theft. 

Phishing scams are hard to shut down because it's part of [scammers'] 
basic business model," said Derek Manky, Fortinet security research 
engineer. 

"We don't have a clue who the originator [is],? he told SCMagazineUS.com. 
?[The phishing email] landed in one of our researcher's inbox."

Manky added that increasing user awareness is the best protection against 
social engineering attacks. 

"In this case, email is a medium that should be treated as untrusted. 
Before following any links, users should always take careful consideration 
of the link, and they should never follow a third party's suggestion,? he 
said. 

Fortinet said that ?AOL is currently fixing this issue.?

An AOL representative could not be immediately reached for comment.