An AOL mail phishing campaign is underway to steal users' login name and password by warning recipients that their account is about to be closed.
While most people are using Gmail, Outlook, or other modern free mail services, many older people continue to use AOL simply because they are used to the service and find it too complicated to switch to a new email service.e.
Unfortunately, this also makes them prime targets for phishing scams that, in my experience, tend to slip through AOL's email filters more easily than other service's filters, such as Gmail.
This week I was contacted by two older family members who received an email with a scary email subject stating that their "Mail Box will close in 3 days log in to re-activate."
Scared that the email accounts they used for close to 25 years would be closed, they forwarded me the email and asked for advice.
The email stated that they need to login and verify their account within 72 hours, or AOL will deactivate their account.
"We don't want to say goodbye!"
"We noticed you haven't updated your account information recently, and since your security is our top priority, we plan to close this account as soon as possible. It's going to take 3 days unless you act soon. Unless you verify this account, it will be closed in 72 hrs," warns the AOL phishing email.
Enclosed in the email was a link to a poorly constructed AOL phishing landing page that asked visitors to log in to AOL.
Once AOL credentials are submitted on the form, the stolen credentials are sent to the attackers, and the user is redirected to the standard AOL login page.
As I have made a point of teaching family members about phishing scams and what to look out for, my family members did not fall for the scam.
Unfortunately, many people may not have received the same education and will likely enter their AOL login information.
What should you do if you entered your info?
If you received this phishing scam and mistakenly entered your login information, you should immediately log in to AOL and change your password.
If the site doesn't accept your password, it's possible the attackers already gained control over your account. In that situation, you should contact AOL support.
If you use your AOL password at other sites, you should change them there as well.
When changing your passwords, be sure to use a different password at every site. By doing this, if one site suffers a data breach, it won't affect your credentials at the other site.
To help you keep track of all of your unique passwords, BleepingComputer suggests using a password manager.
Break down IAM silos like Bitpanda, KnowBe4, and PathAI
Broken IAM isn't just an IT problem - the impact ripples across your whole business.
This practical guide covers why traditional IAM practices fail to keep up with modern demands, examples of what "good" IAM looks like, and a simple checklist for building a scalable strategy.
Comments
Chris Cosgrove - 4 years ago
Nothing new in a fishing campaign against AOL accounts, it's been going on for several years. I probably run about half a dozen a week or so.
allprogressivesareps - 1 year ago
Only since Yahoo seized the operation.
doncoyote - 4 years ago
I deleted my AOL account 2 weeks after I opened it.
In 1999.
allprogressivesareps - 1 year ago
It is not because I find Gmail, Yahoo, or Outlook too confusing, Yahoo for decades has been notorious for selling your personal data.
I have bot Gmail and Outlook accounts bur neither allows you to create personal folders which I have with data I find to be important.
The having to have your Inbox messages closed to delete a message and the poor overall format and the Phishing started when those warp minded people within Yahoo E-mail/Data source seized control of AOL.
Remember Yahoo dating which was completely free but wasn't after they bought and became Match dot com.
The Yahoo powers that be are the lowest of the low.