The number of charity appeals traditionally increases at Christmas – on TV, on the web, in newspapers, and on advertising hoardings in town – and during the season of goodwill audiences are particularly inclined to donate money and goods for charitable purposes. However, experts at G Data Software AG warn against acting too quickly and advise people to keep their eyes open.
Today's advice concerns in particular the globally renowned online service AOL. The American Internet giant sets great store by corporate social responsibility, and describes many of the projects it has delivered on a website set up specifically for the purpose. One project that has been close to AOL's heart since 2007 is the St. Jude Children’s Research Hospital. Besides reports on the activities carried out for the benefit of the hospital, the company also runs display adverts to generate more donations. One such advert looks like this:
By clicking on "Donate Now", the website visitor is taken to the St. Jude online shop, where donations can be made via a variety of payment methods.
In the current case, the fraudsters are not targeting the payment data of eager donors, but the AOL login data. They have created a website that is almost identical to the original and have added a fake AOL login form that forwards all the data entered there to them. The current example was placed on a French WordPress blog by the attackers, almost certainly without the knowledge of the blog operator.
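The mismatch described above (a page showing AOL branding whose login form is served from, and posts to, an unrelated blog host) can be checked mechanically. The following is an added example, not code from G Data or AOL; the trusted domain list, the function names, and the sample page are assumptions constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

# Assumption: domains the brand legitimately uses for sign-in.
TRUSTED_LOGIN_DOMAINS = ("aol.com",)

# Constructed sample: a cloned donation page hosted on an unrelated blog.
CLONE_URL = "https://blog.example.fr/wp-content/donate/index.html"
CLONE_HTML = """<h1>AOL supports St. Jude</h1>
<form action="collect.php" method="post">
<input name="screenname"><input type="password" name="pw"></form>"""

class LoginFormFinder(HTMLParser):
    """Collects the action of every <form> that contains a password field."""
    def __init__(self):
        super().__init__()
        self.actions, self.text = [], []
        self._action = None      # action of the form currently open, if any
        self._has_pw = False

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            self._action, self._has_pw = a.get("action") or "", False
        elif tag == "input" and (a.get("type") or "").lower() == "password":
            self._has_pw = True

    def handle_endtag(self, tag):
        if tag == "form" and self._action is not None:
            if self._has_pw:
                self.actions.append(self._action)
            self._action = None

    def handle_data(self, data):
        self.text.append(data)

def host_is_trusted(host):
    host = (host or "").lower()
    return any(host == d or host.endswith("." + d) for d in TRUSTED_LOGIN_DOMAINS)

def suspicious_login_forms(page_url, html, brand="aol"):
    """Return password-form targets on a brand-bearing page when the page host
    or the form target lies outside the trusted login domains."""
    finder = LoginFormFinder()
    finder.feed(html)
    if brand not in " ".join(finder.text).lower():
        return []
    page_ok = host_is_trusted(urlparse(page_url).hostname)
    targets = [urljoin(page_url, a) for a in finder.actions]
    return [t for t in targets if not (page_ok and host_is_trusted(urlparse(t).hostname))]
```

The brand match is a plain substring test on the visible text, so it is a triage signal for a crawler or mail gateway, not a verdict on its own.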
If the cyber criminals get their hands on access data for AOL accounts, there are all sorts of things they can do with them. For example, they can use the third-party data to abuse the service's web services for sending spam, or sell the login data and associated personal data on the black market. One way or another, the phishing victim becomes a "black sheep".