Wednesday, July 13, 2011

AOL Phishing Scam: "***ACCOUNT UPDATE***"

It's been a few months since the last time I blogged about a phishing scam targeting AOL users. Once again, an e-mail claiming to have been sent by AOL is slipping past AOL's filters and is being delivered directly to users' inboxes, even if they have their spam filter set to High (the highest setting). The e-mail claims:

Dear AOL User,


This is email from AOL Team and we are sending it to you for verification.Due to the anonymous registration of our account which is causing congestion to our services, we are shutting down some accounts and your account was among those to be deleted, so the purpose of this email is for you to verify that you are the owner of this account and you are still using it by filling the information below after clicking on the reply button:

Username:.......................................
Password:.......................................
Date of Birth:...................................
Country Or Territory:.........................

After following the instructions in the sheet, your account will not be interrupted and will continue as normal. Thanks for your attention to this request. We apologize for any inconveniences.

Thank you,


The AOL Team
Note the difference in the way this e-mail looks in the Web interface compared with a legitimate e-mail from AOL (the fake one doesn't have a fancy logo next to it, but the real one does):


No legitimate company will ever ask you for your password, but there are enough people out there who fall victim to schemes like this that phishers keep trying to prey on the less savvy.

If you have friends or family who use AOL, please teach them how to recognize and avoid phishing scams such as this one.


For more from the JoshMeister on Security, please subscribe via e-mail or RSS, or follow me on Twitter.