14 DAY TRIAL // A new phishing attack is targeting AOL subscribers by claiming that they need to update their account billing information in order to avoid facing restrictions.
The rogue emails have their header spoofed to appear as originating from "AOL Member Billing Services" <[email protected]> and bear a subject of "Billing update on file must be performedz."
The body uses an AOL template which includes an AOL Member Services banner and the enclosed message reads:
"Our records indicate that your account hasn't been updated as a part of our regular account maintenance. Our new SSL servers check each account for activity and your information has been randomly chosen for verification. AOL Member Services strives to serve their customers with better and secure banking service.
Notification: Failure to update your account information may result in account limitation at shopping on our portal."
A link called "Update your information" is included and, if clicked, takes recipients to a phishing page which displays a form for inputting a wealth of information.
This includes name, address, city, state, zip code, country, phone number, birth date, Social Security number, driver's license number, as well as credit card type, number, CVV2, PIN, expiration date, issuing bank, bank routing number and bank check account.
Information about the AOL account itself, such as screen name, password, security question and answer are also required.
"Scammers, malware authors and phishers continue to prey on the unwary by writing semi-believable things in a friendly font," warns Graham Cluley, senior technology consultant at Sophos.
"Although many skeptical computer owners may consign such emails immediately to the garbage bin, there are always a few vulnerable folks who click before they think," he adds.
When receiving such emails from service providers or companies they do business with, users should call them over the phone and verify the authenticity of the messages before disclosing any type of information.
This is not the first time when AOL customers are targeted by phishers. In May 2009, a similar campaign asked users to update their billing information because a payment could not be processed.