Attackers have been targeting AOL users in an attempt to steal login names and passwords with a phishing link. Many older people are still using AOL, because they find it too complicated to switch to a different email service such as Gmail or Outlook. This makes them prime targets for phishing scams, especially as AOL’s email filters are not as efficient as those from other services.
The email warned: “We noticed you haven’t updated your account information recently, and since your security is our top priority, we plan to close this account as soon as possible. It’s going to take 3 days unless you act soon. Unless you verify this account, it will be closed in 72 hrs.” This was followed by a link to a poorly constructed phishing site asking for login credentials. Once login details were entered and submitted, they were sent to the attackers. Sadly, anyone without proper knowledge or education about phishing links could have fallen victim to this attack.
Commenting on the news, Tim Helming, security evangelist at DomainTools, stated: “Phishers have realised that AOL is used by a demographic generally more susceptible to online scams, further highlighting that training and awareness are of paramount importance. This highlights the importance of raising awareness on scammers’ techniques: the more savvy the user, the less effective these tactics become. Users should always question a request to update account details when it is unsolicited.”
Helming explained that the only circumstance when a password reset might be legitimate is when the provider has a reason to believe that the account is at risk of being compromised. Even in those instances, users are invited to double-check that the information provided in the email is true and to reset their details by visiting the official website by typing the URL in their browser, rather than following a link. “Email security is ultimately a matter of users exercising extreme caution, paired with a serious commitment on the part of email service providers to filter out the bulk of malicious messages. Only with a combination of technology and user awareness will this kind of scam become unprofitable and, consequently, less popular among criminals looking for easy gains”, he concluded.