- From: Shawn Duffy <Shawn.Duffy@corp.aol.com>
- Date: Thu, 15 Nov 2007 07:20:49 -0500
- To: Mary Ellen Zurko <Mary_Ellen_Zurko@notesdev.ibm.com>
- CC: public-wsc-wg@w3.org
I have a pretty good idea of what this is, though I lack the details as of right now. This sounds like an issue we've been working on for quite some time. It involves open URL redirects. The URL would look something like this:

http://search.aol.com/redir?url=http://www.something.com

This is done for tracking click-throughs and so on. Unfortunately, you can put any URL on the end and it will redirect you. We've seen this being used to redirect users to phishing sites when they believe they're clicking on an AOL link. This is something I've personally been involved in for some time, but the change isn't trivial. We need a way to track clicks without redirecting to arbitrary URLs. There is a fix currently in the works, but it's just going to take some time.

This isn't AOL-specific either. Google, Yahoo, and many others have the same problems, unfortunately.

Thanks,
Shawn

Mary Ellen Zurko wrote:
> I'm curious about what AOL can do to "fix this issue". Doesn't sound like a simple spoof. Anyone know?
>
> http://www.scmagazineus.com/Phishing-scam-uses-AOL-address-to-target-eBay-users/print/96319/
>
> *Phishing scam uses AOL address to target eBay users*
>
> Jim Carr <http://www.scmagazineus.com/Jim-Carr/author/83/>
> November 12 2007
>
> Unknown phishers are using a widely recognized name, AOL, to disguise a false eBay sign-in site, according to the security research team at Fortinet.
>
> The scam collects personal information that could put eBay users at risk for account or identity theft, the company said.
> Scam emails, claiming to be from a member of eBay's security team, notify recipients that they have a security alert to resolve. The emails entice victims to click the AOLSearch link, which contains what appears to be an AOL URL address, in order to take action, according to Fortinet.
>
> Following the phishing link takes the user to a site seeking personal information, thus putting the victim at risk of identity theft.
>
> "Phishing scams are hard to shut down because it's part of [scammers'] basic business model," said Derek Manky, Fortinet security research engineer.
>
> "We don't have a clue who the originator [is]," he told SCMagazineUS.com. "[The phishing email] landed in one of our researchers' inboxes."
>
> Manky added that increasing user awareness is the best protection against social engineering attacks.
>
> "In this case, email is a medium that should be treated as untrusted. Before following any links, users should always take careful consideration of the link, and they should never follow a third party's suggestion," he said.
>
> Fortinet said that "AOL is currently fixing this issue."
>
> An AOL representative could not be immediately reached for comment.

-- 
shawn duffy - shawn.duffy@corp.aol.com
senior technical security engineer | aol it security
703.265.8273 | AIM: ShawnDuffy1
https://open-itsec.office.aol.com/
https://www.itsec.aol.com/
Received on Thursday, 15 November 2007 12:21:27 UTC
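The kind of fix Shawn describes, a click tracker that no longer follows arbitrary URLs, as an added example that is not AOL's code: the open-redirect handler beside one that only honours destinations the site itself issued, proven by an HMAC tag minted together with the link. Only the `/redir?url=` shape comes from the thread; the `sig` parameter, the key and the function names are assumptions.

```python
"""Click-tracking redirect: open-redirect version beside a hardened one.

Added example, not AOL's code. ``sig``, the signing key and the handler
names are assumptions; only the /redir?url= shape comes from the thread.
"""
import hashlib
import hmac
from typing import Optional
from urllib.parse import parse_qs, urlencode, urlsplit

# Constructed demo key; a real deployment loads this from a secret store.
SIGNING_KEY = b"constructed-demo-key"
TRACKER = "http://search.aol.com/redir?"


def vulnerable_redirect_target(query: str) -> Optional[str]:
    """The original behaviour: whatever ``url`` says is followed verbatim."""
    return parse_qs(query).get("url", [None])[0]


def _tag(url: str) -> str:
    """HMAC over the exact destination string issued by the site."""
    return hmac.new(SIGNING_KEY, url.encode("utf-8"), hashlib.sha256).hexdigest()


def build_tracked_link(url: str) -> str:
    """Mint the tracking link the site embeds in its own pages."""
    if urlsplit(url).scheme not in ("http", "https"):
        raise ValueError("only http(s) destinations are tracked")
    return TRACKER + urlencode({"url": url, "sig": _tag(url)})


def safe_redirect_target(query: str) -> Optional[str]:
    """Return the destination only if it carries the tag we minted for it.

    A URL appended by hand, or a minted link whose ``url`` was edited,
    fails the constant-time comparison and the click is not followed.
    """
    params = parse_qs(query)
    url = params.get("url", [None])[0]
    sig = params.get("sig", [None])[0]
    if url is None or sig is None:
        return None
    if not hmac.compare_digest(sig, _tag(url)):
        return None
    # At this point the click can be recorded for analytics and then followed.
    return url
```

Click counting still works because every link the site emits passes through the handler; only destinations the site never issued are refused.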