"According to our records, your payment for your Internet access account is late. Perhaps you overlooked it? ...It is very important that you contact us as soon as possible. To update your account information, please go to http://www.valuehelp.net."
Oh, and once you get there, we'll rob you blind.
Customers of California ISP Value Net received such a message this week, signed by "Sheila Baker, Administrative Assistant." Problem was, it was a scam.
ISP abuse experts and the Secret Service say it looks like a new and sophisticated brand of Web scam that is bound to get worse.
"It's particularly scary because of the nature of it. It all looks real, and it's easy to perpetrate," said Patrick Greenwell, an Internet consultant who's seen all types of electronic spams and scams come and go.
Value Net president Tom Fawcett said at least one of the customers who visited the site entered a credit card number. After Value Net alerted him to the fraud, the customer discovered a substantial unauthorized charge on his account.
"When you go to that Web site, a dialog first comes up and says you are entering a secure Web site at Value Net. You're not -- but it says you are," said Fawcett. "They went to a lot of work to make it appear legitimate."
The spoof site uses a closely related domain name -- in this case, valuehelp.net, a convincing spin on value.net. Once there, users encountered a form telling them to re-enter their email, name, address, credit card information, and more.
Fawcett wasn't sure how many Value Net customers had responded to the email. But he said the ISP received 30 responses to its scam alert notice warning customers not to respond to the phony instructions.
The fraudulent site was still operational Thursday morning, but the New Jersey-based service provider hosting the domain shut the site down by the end of the day.
Value Net is not the first ISP to encounter such a scam.
Peter Veeck, a network administration consultant for Sherman, Texas, ISP Internet Texoma reported that his customers were targeted by a similar fraudulent email in July. One other ISP also confirmed it had been targeted by the same type of fraud, but declined to go on record.
