This is a variation of the InstaKiss fraud, but the message you receive will tell you that your credit card has failed authorization, and that you need to use another credit card - otherwise your Internet access will be cancelled the same day. In addition to your password and your credit card number, this version also tries to steal other information (e.g. your billing address, and certain details printed on the card) that will help the perpetrator use your card.
[aolanywhere.gif]
[Tabs.gif]
AOL Billing Center
_________________________________________________________________
[Logo.gif]
Answers to common questions
* [1]Why have I been brought here?
* [2]I want to stay with AOL, how do I keep my account?
* [3]What if I don't have another Credit Card?
America Online
[#]
[1.gif]
Enter your current credit card billing info
* First Name
____________________
* Last Name
____________________
* Billing Address
____________________
* City
____________________
* State
[..]
* Zip/Postal Code
____________________
* Phone Number
____________________
* Driver's License State [..]
* Driver's License # ____________________
* Mother's Maiden Name ____________________
* Date Of Birth ____________________
* Social Security Number
____________________
* AOL Accepts
[credit_cards.gif]
* Name:
As appeared on the credit card.
____________________
* Card Type
____________________
* Card Number
____________________
* Expire Date
Month: [1.] Year: [2002]
*3 Digit Code on the Back of the Card:
______
* Card Limit
____________________
* 1-800 Number On Back of Card:
____________________
_________________________________________________________________
[3.gif]
Enter New Credit Card. You MUST provide a new card.
* AOL Accepts
[credit_cards.gif]
* Name:
As appeared on the credit card
____________________
* Card Type
____________________
* Card Number
____________________
* Expire Date
Month: [1.] Year: [2002]
*3 Digit Code on the Back of the Card
______
* Card Limit
____________________
* 1-800 Number On Back of Card:
____________________
_________________________________________________________________
[3.gif]
Validate your AOL account.
* Screen Name
____________________
* Password
____________________
Finished
Submit
Important Guidelines
Please type in your current credit card used for your AOL account.
For name and address, please consult your billing records and credit
card receipts. Please type your name and address as it appears on your
credit card statements.
You must be the credit card holder or authorized user of the credit
card.
AOL Prefers The Following:
[partner-aol_welcomes_visa.gif]
[3digits.gif]
Important Guidelines
Since your old credit card failed authorization, please input a NEW
credit card. If we do not get a new credit card by the end of the
business day, your account will be cancelled.
Please type in your New credit card. This card cannot be on AOL's
records, and it has to have a positive balance. Any invalid
information will result in a $50 processing fee.
You must be the credit card holder or authorized user of the credit
card.
For your safety
Please do not download any files from strangers. AOL will never ask
you to download anything.
Just click on the Submit button and you are done!
References
1. http://64.227.155.152/
2. http://64.227.155.152/
3. http://64.227.155.152/
Again, the example above was designed to appear like an AOL-operated service. When sending sensitive information such as passwords over the WWW, it is important to ensure that one is communicating with the correct server, and that only the intended receiver can read the message. In practice, this means using the https scheme - e.g. https://example.com/ - and carefully verifying the server certificate.
All content © 2000–2008 Thor Kottelin, and/or Turvasana Tmi – Safety Words, unless otherwise indicated. Any trademarks or registered trademarks mentioned on this site belong to their respective owners. Content and techniques used on this site may be available for licensing; for details, please contact the webmaster.
Conventional hyperlinking to any content on this site is highly welcomed. However, none of the content on this site may be shown, even partly, in a context inferring or claiming it to be part of, or sponsored by, any other organization or site. Such prohibited techniques include (but are not limited to) framesets, interstitial pages, kiosk mode pop-ups, and reverse proxies.