Claim:   Earthlink is sending out suspension notices via e-mail and asking subscribers to verify their credit card information.

Status:   False.

Example:   [Collected on the Internet, 2003] – Account suspension alert.

Dear member, Account Management regrets to inform you that your account has been suspended due to credit card verification problems. Your credit card failed to authorize and as a result, your account has been suspended.

Please take a moment to confirm your account by going to the following address:

Trully yours, account management team.

Variations:   Similar messages were also sent to customers of, AOL, and eBay.

Origins:   Yet again a redirection scam has hit the Internet in the guise of messages appearing to come from a well-known Internet entity; in this case the wolf is disguised in the clothing of Earthlink, a large Internet Service


Just like a scam perpetrated earlier this year using PayPal as camouflage, this one involves messages sent to Earthlink customers which appear to be coming from Earthlink management itself. A typical message claims that the recipient’s Earthlink account has been suspended due to a problem with his credit card and requests that he re-enter his credit card information through Earthlink’s web site. The messages actually come from scammers (the example we received was sent from a server in Korea), and the links in the message don’t actually go to Earthlink’s web site — they take the user to a completely different web site where the entered credit card information is collected and e-mailed to a scammer’s account.

Scams that trick the gullible into revealing private information by having them “confirm” details presumably already in the possession of the one doing the asking fall under the broad heading of “social engineering,” a fancy term for getting people to part with key pieces of information simply by talking to them. The wary consumer’s best defense to such maneuvers is a zipped lip (or, in the online world, an untapped keyboard). Protect yourself by volunteering nothing, even if you feel somewhat pressured by the one doing the inquiring. If someone on the telephone asks you to read off your checking account number for “verification,” ask him instead to recite it to you from his records. If you get an e-mail announcing something dire has befallen one of your on-line accounts and requiring you to re-enter sensitive personal data to get things back on track, do not reply to it, and do not fill out any forms that accompany it or click through any hot links it provides. Instead, contact that service through its web site and ask them about the e-mail.

The con artists are getting more sophisticated all the time, so do not be too quick to mistake the appearance of legitimacy or authority with legitimacy itself. Just because an e-mail looks like it comes from an entity you do business with doesn’t mean it’s genuine, and just because you’re being directed to a web page that looks like that entity’s home page doesn’t mean you’re not being sent somewhere else. Beware the wolf in sheep’s clothing lest you end up his dinner.

Last updated:   6 January 2008


More From