AOL Users: Beware of Phishing Attempts

Recently, I have been dealing with a number of clients who use AOL and have had their AOL account compromised. Some of them report having recently received an email from AOL saying that their mailbox was full. They went to the link, logged in, and took care of the problem themselves. But in fact, what they really did was give their AOL password away to someone with the intent of locking their account. Many of them had their entire address book deleted, but only after emails were sent to everyone they know telling them that they had been abducted and needed money to get away, or that they were in jail and needed money for bail.

This is a very common phishing attempt that has been going around for a long time. Some of my clients who continue to use AOL have had their accounts for a very long time and don’t want to have to change their email address. Even though I have recommended many times that they get a different email address and leave AOL, they continue to stick with it because they don’t want to deal with the effort of change.

AOL remains one of the greatest risks for phishing in the email industry. People sending these phishing emails realize that AOL users have used the system for a long time and, as a result, will do anything to continue to be able to use it. So these hackers send out emails similar to this:

[Screenshot: the phishing email]

So let’s dissect this message. First, look at where the email came from. That email address is not an AOL email address. But more importantly, hover over the “click here” link before you click.

[Screenshot: the link destination shown when hovering over “click here”]


As you can see, it’s quite obvious it’s not taking you to an AOL server. But people in a hurry forget these easy-to-use rules for staying safe. So let’s say it just one more time:

Never, never click on any email link without seeing where the link takes you. Then make a conscious decision about whether the link is going someplace that makes common sense in the context of what it is supposed to do. If it doesn’t, don’t click. If you’re not sure, forward it to someone who can assist you in determining if it is something you need to do.

Using this common sense approach will keep you from having to deal with all the issues related to an email account being compromised. Take the time to look before clicking.
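The two checks described above (the sender's address and the real destination of each link) can also be run automatically, for example by a mail filter. The following is an added Python example, not part of the original post; the sample message, its example.net / example.org hosts, and the function names are constructed for illustration.

```python
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed sample message; the example.net / example.org hosts are placeholders.
SAMPLE = """\
From: "AOL Mail Team" <support@mail-notice.example.net>
Subject: Your mailbox is full
Content-Type: text/html; charset=utf-8

<p>Your mailbox is full.
<a href="http://aol.com.login.example.org/verify">Click here</a> to fix it.
See <a href="https://help.aol.com/">AOL Help</a>.</p>
"""

class LinkCollector(HTMLParser):
    """Records the real destination (href) of every link, i.e. what hovering shows."""
    def __init__(self):
        super().__init__()
        self.hrefs = []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.hrefs.append(dict(attrs).get("href") or "")

def in_domain(host, domain):
    """True only for the domain itself or a true subdomain, so that
    'aol.com.login.example.org' does not pass as 'aol.com'."""
    host = (host or "").lower().rstrip(".")
    return host == domain or host.endswith("." + domain)

def check_message(raw, domain="aol.com"):
    """Return a list of reasons the message does not match the claimed domain."""
    msg = message_from_string(raw)
    findings = []
    sender = parseaddr(msg.get("From", ""))[1]
    if not in_domain(sender.rpartition("@")[2], domain):
        findings.append(f"sender {sender} is not at {domain}")
    collector = LinkCollector()
    for part in msg.walk():
        if part.get_content_type() == "text/html":
            collector.feed(part.get_payload(decode=True).decode("utf-8", "replace"))
    for href in collector.hrefs:
        host = urlsplit(href).hostname
        if not in_domain(host, domain):
            findings.append(f"link goes to {host}, not {domain}")
    return findings

if __name__ == "__main__":
    print("\n".join(check_message(SAMPLE)))
```

The link to help.aol.com passes, while the link whose host merely begins with "aol.com" is flagged, which is the case a hurried reader is most likely to miss.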