AOL Users: Beware of Phishing Attempts

Recently, I have been dealing with a number of clients who use AOL and have had their AOL account compromised. Some of those report having recently received an email from AOL that their mailbox was full. They went to the link logged in and took care the problem themselves. But in fact, what they really did was give their AOL password away to someone with the intent of locking their account. Many of them had their entire address book deleted but only after emails were sent to everyone they know telling that they had been abducted and needed money to get away or that they were in jail and needed money for bail.

This is a very common phishing attempt that has been going around for long time. Some of my clients that continue to use AOL have their accounts for a very long time and don’t want to have to change their email address.  Even though many times I have recommended that they should get a different email address and leave AOL they continue to stick with it because they don’t want to deal with the effort of change.

AOL remains one of the greatest risks for phishing in the email industry. People sending these phishing efforts realize that AOL users have used the system for a long time and as a result they realize they’ll do anything to continue to be able to use it. So these hackers send out emails similar to this:

Screen Shot 2015-04-20 at 10.09.23 AM

So let’s dissect this message. First look at where the email came from. That email address is not an AOL email address. But more importantly hover over the click here before you click.

Screen Shot 2015-04-20 at 9.43.10 AM

 

As you can see, it’s quite obvious it’s not taking you to an AOL server. But people in a hurry, forget these easy to use rules for staying safe. So let’s say it just one more time:

Never, Never click on any email link without seeing where the link takes you.  But then make a conscious decision that the link is going to someplace that makes common sense in the context of what it is supposed to do.  If it doesn’t, don’t click.  If your not sure, forward it to someone that can assist you in determining if it is something you need to do.

Using this common sense approach will keep you from having to deal with all the issues related to an email account being compromised.  Take the time to look forgot clicking.

 

Apple needs to deal with phishing and junk mail on its iCloud servers

Phishing scams through email continue to be one of the biggest problems related to email today.  My email account sees dozens of these and quite often are able to deal with them as junk mail and get rid of them. But a real growing problem I see, is related to Apples iCloud email and pfishing.

imageiCloud email has never been very good at dealing with junk mail. Unlike Google who has extensive junk mail filtering enabled on their servers, at times Apples email system seems to just send everything through. You certainly have the ability, if you’re on a computer, to mark email as junk and hope that matching emails get put into the junk folder when they come in. Unfortunately, if you’re on one of apples premier iOS devices, you have little to help you because junk mail filters don’t exist. But more and more it seems like Apple with his iCloud email services are doing nothing at the server level to stop you from getting this junk mail and phishing scams. Email that is sent to a third-party provider may be difficult to filter  because that provider cannot determine if the email in legitimate but email that looks like it comes from Apple should be simple for Apple to filter out at the server level and save its customers the risk of mistakenly believing Apple is in contact with them. Here’s a glaring example.

Nearly every day I get at least one email that looks very similar to this. The people sending the email obviously want to make it look like it’s from Apple. But if you look closely, you can easily determine that it’s a scam. My real question for Apple is why they can’t determine these are scams and delete them before sending them to me. I am a savvy enough user to realize that this email is fake. But many users may not realize it that easily.

If you look at the email closely, the look and feel of it looks very similar to the minimalistic email formatting thatimage Apple commonly uses. It’s only when you look at the link that the scammer is attempting to get you to click on that you see that it’s actually fake.  If you actually click that link it takes you to a page that looks just like the Apple account sign in page. I always check these links before I click on them by holding my finger down on the link if on an iPad or iPhone until it shows me where it’s taking me. You can also click and hold with a mouse on the link and see the same thing if you’re on a computer. These kind of emails come from all different companies and always look as if they’re real. But here’s my real issue with Apple.

I can see no reason why a mail provider, that is hosting email itself such as Apple, can’t determine these phishing scams are being sent out in its own name. It would seem to me that Apple would want to stop these at the server level rather than subject users to the risk of accidentally clicking. But that certainly doesn’t seem to be the case.

So it bears recommending one more time for users to be extremely careful of the email that comes to them. It only takes one casual click, and the entering of your ID information, to allow someone access to your credit cards, your stored identity information, and cause you all kinds of problems that you’ll then have to deal with.

Remember, think before you click and make email safer. But I still believe, email providers need to step up and deal with this problem. It makes perfect sense to me that Apple does so little filtering at the server level when they can’t even filter out email that looks like it’s coming from them.