Tuesday, April 26, 2011

AOL Phishing Scam: "Billing update must be performed"

This isn't the first time that this exact thing has happened, but I wanted to alert my readers that a targeted phishing e-mail was sent out this morning to AOL users which managed to slip past AOL's spam filters (even if you had your account's filter set to High).  The e-mail claims:
Billing update must be performed

Dear AOL Member,

Our records indicate that your account hasn't been updated
as a part of our regular account maintenance.Our new SSL
servers check each account for activity and your information has
been randomly chosen for verification. AOL Member Services strives
to serve their customers with better and secure banking service.

Notification: Failure to update your account information may
result in account limitation at shopping on our portal.

Update your information

To re-secure your account, just confirm your personal information.
AOL Member Services

Please note that this email address cannot accept replies.
Experienced users will immediately recognize warning signs (the generic "Dear AOL Member" salutation, the fact that AOL is not a "banking service," the lack of a special AOL logo next to the e-mail in your inbox if you use the Web-based AOL Mail site, etc.).  However, it is quite troubling that AOL still does not always filter phishing scam e-mails that mimic AOL's formatting and links.  The phishing link embedded in the e-mail even contained a directory /bill.aol.com/ which should have immediately caused this message to be blocked by AOL's phishing filter, but shockingly it didn't.

Incidentally, back in 2009 I received a copy of a legitimate e-mail from AOL's billing department that appeared at first to be fake (see the screenshots below).  Since the company has a history of not catching AOL phishing scam e-mails, and since AOL also has previously sent actual billing e-mails that look like they could be phishing scams, AOL users should be extremely cautious about opening any e-mails that claim to have been sent by AOL.

Official AOL e-mails are supposed to appear with a special symbol in your inbox if you use the Web-based AOL Mail (as opposed to an e-mail client program like Apple Mail or Windows Live Mail, for example).  Following is a screenshot showing the symbol that AOL currently uses in the beta version of AOL Mail:

I have previously recommended using the AOL Mail beta URL — https://beta.mail.aol.com — which provides SSL encryption of the e-mail session rather than just the login page.

For those who may be interested, here's the Web of Trust rating page for the domain hosting the phishing scam page:

For more from the JoshMeister on Security, please subscribe via e-mail or RSS, or follow me on Twitter.