
AOL- 'Credit Card Declined Notice'
09-Mar-2005

Summary
Email title: 'Credit Card Declined Notice'
Scam target: AOL customers
Sender: AOL Member Services <customersupport@aol.com>

Sender spoofed/hidden? Spoofed
Scam goal: Getting victim's credit card and bank account information, AOL username/password, personal information
Phish link method: a 'Click here' type link
Link 'masked'? Yes
Visible link: 'Immediately by clicking here'
Actual link to: http://mansmedia3.com/aol-startpage/index.php
Phish website IP: 64.202.163.3
 
Overview
 
A widespread but unsophisticated phish.
 
E-mail
 
The email lure for this scam looks fairly exhaustive and seemingly formal:
 
 
The spoofed sender and the hidden link are the persuasive points, but the anonymous 'Dear AOL user' greeting and the unusual policy described are clues that this is a scam.
 
Web Site
Visible link: 'Immediately by clicking here'
Actual link to: http://mansmedia3.com/aol-startpage/index.php
Phish website IP: 64.202.163.3
 
The website itself is quite plain. There is no address bar spoofing, so the scammy URL can be seen:
 
 
And the page demands way too much information:
 
 
There is no secure HTTPS session initiated, either. This points strongly towards phishing.
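The indicators noted in this report (a link host that does not match the claimed sender's domain, link text that hides the destination, and no HTTPS) can be checked mechanically on an inbound message. The following is an added example, not part of the original APWG report; the HTML body is a constructed sample built around the sender, link text and URL recorded above, and the function and flag names are hypothetical.

```python
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit

class AnchorCollector(HTMLParser):
    """Collect (href, visible text) for every <a> element."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, " ".join("".join(self._text).split())))
            self._href = None

def link_findings(from_header, html_body):
    """Return (visible text, link host, flags) for each link in an HTML body."""
    sender_domain = parseaddr(from_header)[1].rpartition("@")[2].lower()
    parser = AnchorCollector()
    parser.feed(html_body)
    parser.close()
    findings = []
    for href, text in parser.links:
        url = urlsplit(href)
        host = (url.hostname or "").lower()
        flags = []
        # The From header claims one domain but the link leads to another.
        if host != sender_domain and not host.endswith("." + sender_domain):
            flags.append("host-differs-from-sender-domain")
        if url.scheme != "https":
            flags.append("not-https")
        # The visible text shows no URL, so the reader cannot see the destination.
        if "://" not in text and "www." not in text.lower():
            flags.append("text-hides-destination")
        findings.append((text, host, flags))
    return findings

# Constructed sample: only the sender, link text and URL come from the report.
SAMPLE_FROM = "AOL Member Services <customersupport@aol.com>"
SAMPLE_HTML = ('<p>Dear AOL user, please update your billing details '
               '<a href="http://mansmedia3.com/aol-startpage/index.php">'
               'Immediately by clicking here</a>.</p>')
for finding in link_findings(SAMPLE_FROM, SAMPLE_HTML):
    print(finding)
```

Each flag is a heuristic on its own (legitimate mail also uses "click here" links), so the combination of all three is what makes a message worth quarantining or reviewing.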
 
WHOIS data (for IP 64.202.163.3):

IP Location: - Arizona - Scottsdale - Go Daddy Software Inc
Record Type: Domain Name
Name Server: WSC1.JOMAX.NET WSC2.JOMAX.NET
ICANN Registrar: GO DADDY SOFTWARE, INC.
Created: 26-feb-2005
Expires: 26-feb-2006
Status: REGISTRAR-LOCK
Please note: the registrant of the domain name is specified
in the "registrant" field. In most cases, Go Daddy Software, Inc.
is not the registrant of domain names listed in this database.

Registrant:
ahmad farahat
p o box 953
cantonment, Florida 32533
United States

Registered through: GoDaddy.com
Domain Name: MANSMEDIA3.COM
Created on: 26-Feb-05
Expires on: 26-Feb-06
Last Updated on: 26-Feb-05

Administrative Contact:
farahat, ahmad
p o box 953
cantonment, Florida 32533
United States
(850) 587-4281


Technical Contact:
farahat, ahmad
p o box 953
cantonment, Florida 32533
United States
(850) 587-4281

Domain servers in listed order:
WSC1.JOMAX.NET
WSC2.JOMAX.NET