Debunking email hoaxes and exposing Internet scams since 2003!


Hoax-Slayer Logo Hoax-Slayer Logo

DividerDivider
Home    About    New Articles    RSS Feed    Subscriptions    Contact
DividerDivider
Bookmark and Share









AOL 'Billing Update Must be Performed' Phishing Scam

Outline
Email purporting to be from AOL claims that the recipient must follow a link to update account information or limitations will be placed on his or her AOL service.



Brief Analysis
The message is not from AOL. In fact, the email is a phishing scam designed to trick recipients into providing personal and financial details to Internet criminals. The link in the email points to a bogus website that asks users to submit information via an online form.

Bookmark and Share
Detailed analysis and references below example.



Last updated: 22nd February 2011
First published: 22nd February 2011
Article written by Brett M. Christensen
About Brett Christensen and Hoax-Slayer


Example
Subject: Billing Update Must be Performed

Billing update must be performed


Dear AOL Member,

Our records indicate that your account hasn't been updated as a part of our regular account maintenance. Our new SSL servers check each account for activity and your information has been randomly chosen for verification. AOL Member Services strives to serve their customers with better and secure banking service.

Notification: Failure to update your account information may result in account limitation at shopping on our portal.

Update your information

To re-secure your account, just confirm your personal information.

Sincerely,
AOL Member Services

Please note that this email address cannot accept replies.



AOL Billing Update Scam Email




Detailed Analysis
This email, which claims to be from Internet service provider AOL, informs the recipient that he or she must update AOL account details or risk a subsequent limitation of services. The message claims that the account has been randomly chosen for verification by AOL's "new SSL servers". It warns that the account has not been updated as part of AOL's regular account maintenance procedure and urges the recipient to click the "update your information" link in order to "re-secure" the account.

However, the email is not from AOL. In fact, the message is a phishing scam designed to steal personal and financial information from AOL customers. Those who fall for the ruse and click the "Update" button will be taken to a fraudulent website designed to closely resemble a genuine AOL page. As shown in the screenshot below, the fake site asks users to provide a significant amount of private information, including credit card numbers and social security numbers:

AOL fake update form

All information on the bogus website will be sent to criminals who can subsequently use it to commit credit card fraud and identity theft. To further the illusion, secondary links on the fake site actually open genuine AOL web pages. Moreover, when a victim has finished filling in the information on the bogus form and clicked the "Submit" button, he or she will be automatically redirected to the genuine AOL website.

The phishing email itself is also designed to resemble a genuine AOL message.

AOL customers are regularly targeted by phishing scammers. AOL will not send out unsolicited emails warning customers that their account will be limited or suspended if they do not follow a link and provide personal information. In fact, any message that claims that you must update information for a bank, government department or online service by following a link or opening an attachment should be treated with suspicion.

Find out more about phishing scams


Bookmark and Share



References
AOL Update Billing Information Phishing Scam
Phishing Scams - Anti-Phishing Information

Last updated: 22nd February 2011
First published: 22nd February 2011
Article written by Brett M. Christensen
About Brett Christensen and Hoax-Slayer