August 4, 2000 1:50 PM PDT
Credit card scammers fish for AOL members
According to an AOL member who contacted CNET News.com, over the past 24 hours some AOL Instant Messenger subscribers have received a message informing them of credit card problems. The scam directs members to a site on AOL's Hometown service, a personal Web site builder, and requests credit card information to update customer records.
AOL spokesman Rich D'Amato said the company will remove the page and plans to conduct an investigation into the source of the messages.
AOL has no knowledge that any member actually fell for the trick.
D'Amato added that AOL never asks customers to provide account or credit card information and routinely warns customers not to respond to such requests.
AOL has been hit with a number of attacks by con artists or other malicious Web hackers, some of who have met with success in prying credit card information from unwitting members and company staff.
Many attacks use a technique called account "phishing," in which email scammers try to trick members into divulging their passwords or credit card numbers.
In one incident two months ago, Wichita, Kan., police arrested two 15-year-olds for allegedly stealing AOL members' credit card numbers and buying thousands of dollars in online goods. The two teenagers allegedly sent phony emails to subscribers signed with AOL chief executive Steve Case's name, asking them to go to a Web site to update subscriber information, including credit card data.
About a month ago, AOL improved security with a new feature called "Official AOL Mail," aimed at making it difficult for malicious hackers or con artists to trick subscribers.
AOL's D'Amato said he was unaware of the number of credit card scams that have targeted AOL and could not say how many investigations have led to arrests.
He said investigations are complicated, as many con artists can easily disguise their tracks using free Web services that don't require subscribers to supply contact information. In other cases, D'Amato said, con artists have used stolen AOL accounts to access other members online.
AOL also has grappled with recent network security breaches. In June, AOL confirmed that hackers broke into 200 member accounts by sending company employees an email virus.
The virus targeted employees authorized to review and edit account data, including credit card information and passwords. AOL did not say what kind of information was compromised by the attack.