Debunking email hoaxes and exposing Internet scams since 2003!

AOL Update Billing Information Phishing Scam

Outline
Email, purporting to be from AOL, claims that, due to a payment processing failure, the recipient's AOL service will be blocked unless he or she updates payment details within 24 hours by following a link in the message.



Brief Analysis
The email is not from AOL. In fact, the message is a phishing scam designed to trick recipients into providing private financial and personal information to Internet criminals.

Detailed analysis and references below example.



Last updated: 30th June 2010
First published: 30th June 2010
Article written by Brett M. Christensen


Example
Subject: Your AOL account will be blocked

Billing Information

Dear Valued AOL Member,

It has come to our attension that your AOL records information are out of date . We were unable to process your most recent payment.

Did you recently change your bank, phone number or credit card ? To ensure that your service will not be interrupted, please update your billing information NOW by visiting the new AOL small business system .

[Link to bogus website removed]

PLEASE , NOTE THAT FAILURE TO VERIFY YOUR RECORDS WILL RESULT IN ACCOUNT SUSPENSION .

Sincerely,
AOL Member Services Team

P.S. The link in this massage will be expired within 24 Hours . You have to update your payment information before that time .

[Screenshot of AOL phishing scam email]




Detailed Analysis
This email, which purports to be from the large Internet service provider AOL, claims that the recipient's AOL account is about to be blocked due to a payment processing problem. The email claims that the customer's billing information appears to be out of date, and that he or she is required to update this information within 24 hours. The recipient is urged to click a link in the email in order to visit the AOL website and supply the requested information.

However, the email is not from AOL and the claim that the recipient must update information or risk the blocking of his or her account is a lie. In fact, the email is a phishing scam designed to steal personal and financial information from AOL customers. Those who follow the link in the message will be taken to a bogus website that asks for information such as credit card numbers, banking details and name, contact and address details. Any information entered into the form on the bogus website can be collected by Internet criminals and used to commit credit card and other financial fraud and identity theft.

In order to fool victims into believing that the claims in the message are genuine, the bogus website is designed to closely resemble a legitimate AOL billing page. As the above screenshot illustrates, the scam email itself is also designed to appear like a legitimate AOL message and includes seemingly genuine AOL graphics, logos and copyright notices. Phishing scammers often steal copies of the targeted company's graphics and logos from its genuine website for use on their fake websites and in their scam emails. They also use the same fonts, formatting styles and colours that the targeted company uses. However, scam emails can often be identified by poor spelling and grammar ("it has come to our attension", "link in this massage will be expired") and an unreasonable sense of urgency.

In reality, Internet users should be very cautious of any email that claims that they must urgently provide private personal or financial information by following a link in the message or by opening an attached file. Legitimate companies or financial institutions are very unlikely to request such information via an unsolicited email. Any such request messages should be treated with suspicion. Do not log on to your online accounts by clicking a link in an unsolicited email. It is much safer to visit your account page by entering the web address in your browser's address bar. Moreover, when logging into your account, always ensure that the page is a secure (https) site. No legitimate service provider will ever ask for login or other personal information via an unsecure (http rather than https) webpage. If you are accessing a secure (https) page, a "lock" icon should be displayed in your browser's status bar or in the address field.
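The warning signs described above (urgency, a threat of suspension, a request for billing details, spelling errors, and a link that is not a secure page on the provider's own site) can also be checked mechanically, for example in a mail filter. The following Python example is added here and is not part of the original article; the rule set, the trusted-domain list and the placeholder link (the real link was removed from the page) are assumptions made for illustration.

```python
import re
from urllib.parse import urlparse

TRUSTED = ("aol.com",)  # assumption: domains the recipient expects for this brand
RULES = {  # hypothetical rule set built from the indicators the article names
    "urgency": r"within 24 hours",
    "threat": r"account (will be )?(blocked|suspen\w+)",
    "asks_for_billing": r"(billing|payment|credit card) (information|details)",
    "misspelling": r"\battension\b|\bthis massage\b",
}

def link_findings(text):
    """Flag links that are not https or not on a trusted domain."""
    out = []
    for url in re.findall(r"https?://[^\s<>]+", text):
        u = urlparse(url)
        host = (u.hostname or "").lower()
        trusted = any(host == d or host.endswith("." + d) for d in TRUSTED)
        if u.scheme != "https":  # https alone does not prove a site is genuine
            out.append(("insecure_link", url))
        if not trusted:
            out.append(("untrusted_host", url))
    return out

def score_email(text):
    """Return (score, sorted indicator names) for one message body."""
    hits = {name for name, pat in RULES.items() if re.search(pat, text, re.I)}
    hits |= {name for name, _ in link_findings(text)}
    return len(hits), sorted(hits)

# Constructed samples: the first quotes the article's example email with a
# made-up placeholder link; the second is a constructed benign notice.
PHISH = """Subject: Your AOL account will be blocked
It has come to our attension that your AOL records information are out of date .
please update your billing information NOW by visiting the new AOL small business system .
http://billing-update.example.invalid/login
FAILURE TO VERIFY YOUR RECORDS WILL RESULT IN ACCOUNT SUSPENSION .
The link in this massage will be expired within 24 Hours ."""
BENIGN = """Subject: Your monthly statement
Your statement is ready. Sign in at https://www.aol.com/ to view it."""

if __name__ == "__main__":
    for label, body in (("phish", PHISH), ("benign", BENIGN)):
        print(label, score_email(body))
```

A high score is a reason to treat the message with suspicion, not proof of fraud; a low score does not make a message safe.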

Criminals all around the world continue to use phishing as a means of stealing money and personal information from unsuspecting Internet users. It is important that Internet users take the time to educate themselves and their friends and families about this type of scam. Such scam attempts can be quite easily recognised by Internet users who have made themselves aware of how such scams operate and know what signs to look for in possible scam emails.


References
Difference Between http & https
Phishing Scams - Anti-Phishing Information
