An MSN spokesperson said all the company's communications to customers are clearly designated by the MSN butterfly icon in the inbox. "Any e-mail message that directs you to forward e-mail, provide your password, or that requires you to download software is most likely a hoax and should be deleted immediately," the spokesperson said.
AOL representatives did not immediately return calls for comment.
Fake billing sites can often be recognized by the faulty Web address that appears in the user's browser. But Larkin said the most advanced criminals have found ways to avoid this problem.
"They'll use a legitimate site and URL, but they create a clear overlay on the site that gives a pop-up that asks for the user to re-enter information. There's really no way for the user to tell it's a spoof because the Web address is the same," he said.
Criminals use sites already well known to users to keep the level of suspicion low. While an unsolicited e-mail requesting money or credit information may appear shady, the thieves hope people will be less skeptical when working on a site they have used and trusted before.
"They're trying to find ways to comfort the victims so they're not paying attention. It's social engineering — they want everyone to feel comfortable," Larkin said.
Crossing Foreign Borders
Another technique, known as "reshipping," involves buying merchandise with stolen credit cards and having it shipped to a foreign location out of the reach of U.S. law enforcement.
In one reshipping theft ring based out of West Africa, the culprits used stolen credit card numbers to purchase electronics equipment online and had it sent from U.S. merchants to Nigerian addresses. By the time the fake card numbers had been identified, the equipment had already been delivered and likely resold.