AOL users are the target of a new phishing campaign

News
By Rene Millman
published

Cyber criminals are targeting AOL users because they’re an older demographic and may find it too complicated to switch to newer services

Email sign with a fish hook on blue digital background
(Image credit: Shutterstock)

Cyber criminals have subjected AOL users to a new phishing campaign designed to steal their login details and passwords.

Researchers believe the cyber criminals target AOL users because they’re an older demographic and may find it too complicated to switch to newer services, such as Gmail or Outlook.

According to Bleeping Computer, users have received an email with the subject line "Mail Box will close in 3 days log in to re-activate.” The email urged victims to log in and verify their accounts within 72 hours or risk account deactivation.

AOL to axe 20 per cent of workforce Verizon forms Oath media division with Yahoo and AOL brands UPDATED: AOL has sold Bebo Three AOL employees depart following data breach

"We noticed you haven't updated your account information recently, and since your security is our top priority, we plan to close this account as soon as possible. It's going to take 3 days unless you act soon. Unless you verify this account, it will be closed in 72 hrs," warned the fake email.

The email linked to a phishing page with the AOL logo. Once the user submitted their details, the site redirected the user to another AOL login page.

Tim Helming, security evangelist at DomainTools, told IT Pro that phishers have realized a demographic that’s more susceptible to online scams uses AOL.

“This highlights the importance of raising awareness on scammers' techniques: the savvier the user, the less effective these tactics become. Users should always question a request to update account details when it is unsolicited. The only circumstance when this might be legitimate is when the provider has a reason to believe that the account is at risk of being compromised, but even in those instances, users are invited to double-check that the information provided in the email is true and to reset their details by visiting the official website by typing the URL in their browser, rather than following a link,” Helming said.

Helming added that email security is ultimately a matter of users exercising extreme caution and email service providers committing to filtering most malicious messages.

“Only with a combination of technology and user awareness will this kind of scam become unprofitable and, consequently, less popular among criminals looking for easy gains,” Helming said.

Rene Millman
Rene Millman

Rene Millman is a freelance writer and broadcaster who covers cybersecurity, AI, IoT, and the cloud. He also works as a contributing analyst at GigaOm and has previously worked as an analyst for Gartner covering the infrastructure market. He has made numerous television appearances to give his views and expertise on technology trends and companies that affect and shape our lives. You can follow Rene Millman on Twitter.