Issue 136 - August 2012 (1st Edition) - Page 7
AOL Deactivated Account Phishing Scam
Email purporting to be from the AOL "Verification Team" claims that, due to several unsuccessful attempts to login, the recipient's AOL account will be deactivated unless he or she clicks an "activation link" in the message.
The email is not from AOL. It is in fact a phishing scam designed to steal account login details from AOL users. If you receive this or a similar email, do not click any links or open any attachments that it may contain.
Detailed analysis and references below example.
Last updated: July 25, 2012
First published: July 25, 2012
Article written by Brett M. Christensen
About Brett Christensen and Hoax-Slayer
Subject: AOL WARNING,,,
This E-mail been sent to you by the AOL Verification Team to inform you that your account will be deactivated within the next 24 hours due to several unsuccessful log in attempt on your account.
To prevent this from happening please log in securely to our activation link below:
For immediate access, please click here to validate your account:
if you have already confirmed your information then please disregard this message
Thank you for using AOL! Mail user.
AOL! Account Services
This email, which claims to be from the AOL Verification Team,
warns recipients that their AOL account will be deactivated within 24 hours. According to the message, the account is to be deactivated because several unsuccessful attempts to login to the account have been detected. But, claims the message, the impending deactivation can be easily prevented by clicking an "activation link" contained in the email.
However, the message is not from AOL. In fact it is a typical phishing scam
designed to trick AOL users into divulging their account login details to Internet criminals. Users who are taken in by the scam and click the activation link will be taken to a fake website created to closely resemble a genuine AOL login page. Although it looks like a real AOL webpage, the fraudulent site has no connection to AOL and is not hosted on an AOL server. After they have entered their account login details on the fake form, and clicked the "Sign In" button, victims will be automatically redirected to a genuine AOL website. Thus, they may believe that they have successfully avoided the supposed account deactivation and may not yet realize that they have become victims of a phishing scam.
Meanwhile, the criminals responsible for this phishing expedition can collect the login details submitted on the fake form and use them to login and hijack the AOL accounts of their victims. Once they have gained access in this way, the criminals can lock out the rightful account owners, steal any personal information stored in account files and use the account for launching further spam and scam campaigns. Often the criminals will use the account's email address book to send scam emails posing as the account holder that try to trick recipients into sending them money. The emails, which will often include the account's holder's name and normal email signature, will falsely claim that the account holder has been robbed
or been in an accident while visiting another country and therefore desperately needs a short term loan to get home. Because the emails appear to come from the account of a person that the recipients already know, at least a few may fall for the ruse and send money as requested.
The scammers may also used the compromised accounts to send spam or further phishing scam messages that cannot be traced back to them.
AOL has been many times targeted
in such phishing attacks
as have other major Internet Service Providers
around the world. Be wary of any unsolicited email that claims that an online account you hold needs to be verified, updated or validated by following a link or opening an attached file. If you receive such an email, do not click on any links in the message. And, given that some such scam emails contain the bogus form in an attached file, do not open any attachments either. It is always safest to login to your online accounts by entering the account's website address into your web browser address bar rather than by clicking an email link.
typical phishing scam
falsely claim that the account holder has been robbed
many times targeted
Pages in this issue:
- Facebook Post - Seven Year Old Shot Saving Mom
- Cranky Old Man Poem
- Facebook Survey Scam - Free $500 Coles Voucher
- Amazon Account Review Phishing Scam
- Ellie May Ashley Missing Person Alert (Ellie Has Now Been Found)
- 'Private Message' Phishing and Survey Scam Emails
- AOL Deactivated Account Phishing Scam
- 'Mystery Shopper' Money Laundering Scams
- Hotel Booking Confirmation Malware Emails
- Chase Online 'Unconfirmed Payment' Phishing Scam
- 'Buddha' Shaped Pears
- Yacht Launch Mishap
- McDonald's 'Mega Promotion Award' Advance Fee Scam
- Intuit "Payroll Processing Request" Malware Email
- Facebook Survey Scam - Bestbuy Gift Card
- FBI Arrest Warning Advance Fee Scam