Incidentally this post is nowhere to be
found on AOL now...likewise to the follow-up that I posted minutes after it. So
much for sharing of information.
Subject: AOL - Please Read
Date: Mon, 13 September 1999 11:11 AM EDT
From: CndlsRUs
Message-id: <19990913111159.04630.00013565@ng-cg1.aol.com>
Hi everybody. You guys know I never forward on virus hoaxes and I really hate to receive them. Mom's (kjohn95588) AOL account was hacked for the second time last night and as we restore it AGAIN this morning - I want to clue you guys in on how it probably happened.
This is going to sound like one of those stories you hear on the net, but most of you know me and many of you know what we went through in Washington DC when we had to restore the account the first time - so you can choose to read or ignore this explanation/heads up for yourself.
You know how AOL always says they will never ask for your password information? It's true - they will not. Other people disguised as AOL staff will though. It can be hard to not believe all the offers for free stuff, especially when it looks like this:
Subj: AOL Giveaways!!!
Date: 9/10/99 3:26:27 PM !!!First Boot!!!
From: JGilb32545
BCC: KJohn95588
For our AOL Members. Thank you for enjoying the best internet service on the net. Because
we value our customers during our current update members must please submit their
information to be eligible for our FREE drawing of cash and prizes on November 12,1999. Winners will be randomly selected and
notified through email. Best of luck to our Members! Aol Staff CLICK HERE/B>
NEVER "CLICK HERE" on a message like this!
Note it never asked for your password outright - instead it disguised the request for information as "please
submit their information" (and it's not even typed professionally - this was not my typo - I copied and pasted the message as it was in the received mail box.)
PLEASE EVERYBODY...
Free things on the net are rarely really free. Most often they are a ploy to get names for mailing lists at best, or downright invasive ways to hack your machine or accounts at worst. Many of us would agree that mountains of spam (Get Rich Quick, Virus Hoaxes, Chain Letters, Make $100,000 in 30 days, etc) are just as bad as actual hacking into accounts.
If you receive emails like the one above - please don't reply to it. As you can see from the message - the screen name was not an obviously disgusting one that I would hope you NEVER open mail from - it looks very common and safe. The subject line too, would make you curious enough to open it thinking it may come from AOL. Opening the message itself is probably of no harm - the trouble occurs when you "Click Here" and then answer whatever questions
are being asked. I can't tell you what those are because even I'm not comfortable following this message through to its end. You'd probably be fine looking at the page that displays from "Clicking Here", just not submitting any answers, but I'm not sure and don't want to find out.
I don't work for AOL - but I know they would never send email to their members in this manner.
Now go make some real money and book some shows!
Follow-Up:
I had posted a follow-up to this
regarding AOL's handling of our concern, but it and the original post were
either removed by AOL or they had an extraordinarily bad morning on their
servers.
The follow-up had to do with my real concern about the
response of the AOL Community Action Team when we contacted them this morning
unable to access our account.
(excerpt)
Subj: Trojan Horse Information
Date: 9/13/99 2:01:11 PM
From: CATRep513
To: KJohn95588, Cndls R Us, Herkevan, CandlKitty
Thank you for calling America Online's Community Action Team. As we discussed on the phone, a "Trojan Horse" file may have been downloaded onto your computer and could be causing your AOL software to malfunction.
A Trojan Horse is a computer program that's designed to look like something fun or attractive -- like a game or screen saver -- but its true purpose is completely different. Trojan Horses are distributed as files attached to email or web pages, which is why we recommend that you never download an email attachment sent to you by someone you don't know and are very careful about what you download from the Internet. Some Trojan Horse programs are designed to send your AOL password to another person. This gives that person access to your account.
Well-meaning I'm sure, but their primary focus was to blame it
on a virus and to give up instructions to download their free virus software and
how to run it.
Free virus software is great - this is Dr. Solomon and it is
reliable and good - and free from AOL - and is absolutely what you should do if
you haven't already. They're also quick to tell you that whatever other virus
software you may already own is not sufficient to detect AOL Trojan Horse
viruses.
(excerpt)
PLEASE NOTE: Only the special version of Dr. Solomon's Anti-Virus that's available on AOL (at keyword: VIRUS INFO) can detect and disable the Trojan Horse that may be on your system. This update has the special information Dr. Solomon's Anti-Virus needs to neutralize the Trojan Horse program.
Unfortunately, the problem above originates not in a virus,
but in people opening emails expecting to receive something for nothing. The
respondent simply follows instructions in their email. Nothing is downloaded, no
attachments are opened. There is no protection from yourself!
I really don't have anything against AOL. I obviously don't
work for them (LOL) and it makes no difference to me whether you heed the above
information or not. As the victim twice now of this type of hacking on Mom's
account, I felt it important enough to pass on to you.
Belinda
belinda@bestofboards.com