Spoof Email Hoax guide, book terminology, how to identify first edition books and THE online auction watcher - MillerSmiles.co.uk

 

REPORT SUMMARY

Date Reported
21st December 2003

Apparent Sender
Earthlink

Subject
Problems With Your
Earthlink Account

Senders Address
(spoofed)

Earthlink.net

Content
text and a
link to forged
Earthlink web pages
(see images)

Spoofed Web page/site?
Yes

Web page/site
content

forged Earthlink web
page with web form
requiring user
name & password,
name & address,
Bank, Credit or Debit
Card and ATM PIN
details, etc

Web page/site origin
URL
http://
211.154.171.106/...

Identity Theft method
Web form information
is captured and
relayed to the
scammers using
PHP script

 

More...

HOME

Latest
phishing scam

Another
Bank Email Scam

See our guide to
phishing scams

Other
Resources...

See our guides to

1st Edition Books

Book Terminology

Free Utilities...

Worldwide Currency
Converter

Auction Watcher

List of
Auction Sites

 

   
 

Earthlink Account - Email Scam
21st December 2003

 

Problems with your Earthlink account? No! Its a Scam ...

Another convincing Email Phishing Scam targets Earthlink account holders. This time, we have a fake email which advises the recipient that Earthlink 'were unable to charge your card' and goes on to ask that you use the text link provided to provide your correct billing information, etc. See an image below.

The text link shown in the email is a cloaked link (disguised using html code - see our article on cloaking of links in emails) and it bears no resemblence to the site that you will actually arrive at if you use it. By constructing the link in this way, the scammers are exploiting a partial vulnerability in Mozilla based browsers (which include Internet Explorer). This vulnerability will display the site URL (in the browser address bar) incorrectly, and this case it will show https://www.earthlink.net, but this is not the true site URL at all and you are definitely not at the Earthlink site!

Using that link will actually take you to http://211.154.171.106/.. which resolves to a server located in Beijing, China. This, of-course, has nothing to do with Earthlink at all.

 

Stay informed of the latest Spoof Email Phishing Scams with either of our FREE alert services...

Email Alerts
Add your email address to our email alert service...
Subscribe

Privacy Policy

RSS News Feed
Tap into our Scam Alert service using your News Reader or Aggregator (including My Yahoo!).
Scam Alert News Feed

You can even put the latest alerts on your own web site.

 
IS YOUR BROWSER VULNERABLE TO
URL CLOAKING
CHECK NOW!
 
WE ALL NEED YOU!
FORWARD
YOUR EMAIL SCAMS
TO KU.OC.SELIMSRELLIM@FOOPS
and help us to
build awareness and
help others

The other major concern with this scam, is that it uses a Security
Certificate. This security certificate is invalid and unverified, so as
long as you have your brwoser security settings set at medium to high, you should see a warning message about the certificate. You'll notice the 'yellow padlock' symbol at the bottom of the browser window (see images below). If you should ever be presented with a warning message which indicates a problem with a security certificate, you should always refuse (select 'No') it when being asked if you want to proceed.

The forged web pages that you are presented with in this fake Earthlink web site include a web form for you to provide bank, credit or debit card, name, address, Earthlink User Name and password as well as your ATM PIN number. See images below.

If you submit that information, it is processed and captured by the scammers using a PHP script. Information that is captured in this kind of scam is commonly used to hijack the user's identification and use it to commit acts of fraud. The US Federal Trade Commission has reported that $60 Billion has been lost to Identity Theft in the last 5 years (in the US alone), and Gartner report that Identity Theft cases have swelled by 79% from June 2002 to 2003.

Another worrying statistic is the amount of recipients that actually fall for these scams. MailFrontier, for instance, have reported that over 40% of recipients were tricked into thinking that a recent Citibank Email Scam was genuine.

Take a good look at the following images, because this hoax email scam may be coming to an inbox near you!

If you have received this hoax email, please remember that it is very common for these email scams to be redistributed at a later date with only slightly different content or the same but with the fake page(s) hosted by a different provider. Also, once you have received one of these hoaxes, it is also common place to receive at least another one and usually a day or two after the first, although not necessarily from the same apparent sender.

 

The Email ...

 

Earthlink Account - Email Scam


Go to top of page.

The fake web pages ...

 

using the link in the email should bring up a warning message about the invalid security certificate (so long as your browser security settings are set to check site certificates) ...

Earthlink Account - Fake Security Certificate.

and erroneously accepting that certificate would bring you to the following fake Earthlink pages. Even though this page shows an address as https://www.earthlink.net, this is definitely not its true location!

 

Earthlink Account - Email Scam

 

Earthlink Account - Email Scam Earthlink Account - Email Scam Earthlink Account - Email Scam Earthlink Account - Email Scam Earthlink Account - Email Scam Earthlink Account - Email Scam
Earthlink Account - Email Scam Earthlink Account - Email Scam Earthlink Account - Email Scam Earthlink Account - Email Scam Earthlink Account - Email Scam Earthlink Account - Email Scam
Earthlink Account - Email Scam Earthlink Account - Email Scam Earthlink Account - Email Scam Earthlink Account - Email Scam Earthlink Account - Email Scam Earthlink Account - Email Scam
Earthlink Account - Email Scam Earthlink Account - Email Scam Earthlink Account - Email Scam Earthlink Account - Email Scam Earthlink Account - Email Scam Earthlink Account - Email Scam
Earthlink Account - Email Scam Earthlink Account - Email Scam Earthlink Account - Email Scam Earthlink Account - Email Scam Earthlink Account - Email Scam Earthlink Account - Email Scam
Earthlink Account - Email Scam Earthlink Account - Email Scam Earthlink Account - Email Scam Earthlink Account - Email Scam Earthlink Account - Email Scam Earthlink Account - Email Scam
Earthlink Account - Email Scam Earthlink Account - Email Scam Earthlink Account - Email Scam Earthlink Account - Email Scam Earthlink Account - Email Scam Earthlink Account - Email Scam
Earthlink Account - Email Scam Earthlink Account - Email Scam Earthlink Account - Email Scam Earthlink Account - Email Scam Earthlink Account - Email Scam Earthlink Account - Email Scam
Earthlink Account - Email Scam Earthlink Account - Email Scam Earthlink Account - Email Scam Earthlink Account - Email Scam Earthlink Account - Email Scam Earthlink Account - Email Scam

Spoof Email Hoax guide, book terminology, how to identify first edition books and THE online auction watcher - MillerSmiles.co.uk
© Copyright 2003-2017 Oxford Information Services Ltd. All Rights Reserved.
Also see our brief guide to
Phishing
Update Seller Account' spoof email hoax. Update Seller Account' spoof email hoax. Update Seller Account' spoof email hoax. Update Seller Account' spoof email hoax. Update Seller Account' spoof email hoax. Update Seller Account' spoof email hoax.