Scam of the day – November 8, 2015 – More AOL phishing scams

I have written about AOL phishing scams many times, but an abundance of AOL phishing emails that are presently being circulated make this a topic worth writing about again. Reproduced below are three of them, the last of which is a phishing email about a generic account that doesn’t even attempt to tell you the name of your email carrier.   Scammers and identity thieves send out phishing emails to lure people into clicking on links in these emails that will either download keystroke logging malware on to the victim’s computer that will enable the identity thief to steal personal information from the victim’s computer and use it to make him or her a victim of identity theft or by clicking on the link, the victim will be directed to an official looking page requesting personal information under some legitimate sounding guise.  If the victim provides the requested personal information, it is used to make him a victim of identity theft.

“Aol!
Dear Member,Your mail-box might be shutdown within 24hrs due to your recent termination request. To cancel RE-SET , Log-in and wait response from Aol.

Sincerely

Webmail 2015 Security Team”

and

“​​A0l.​
​​​​​​​​​​​​​​Account Termination

​Dear A0L User,

We received your request to terminate your A0L Mail Account and the process has started by our A0L Mail Team, Please give us 2 working days to close your A0L Mail Account.
​​please if you did not wish to termination , click below and sign in to cancel the termination request :”

This last one is not specific to AOL, but contains many of the same phishing elements:

Dear User,
Your E-mail has exceeded the storage limit. You can not send or receive new messages until you re-validate your mail.  To re-validate the mailbox:- = Click to restore

Thank you!
Mail Administrator.”

TIPS

Phishing emails such as these always wish to create a sense that immediate action is required in order to avoid some negative event such as your account being closed.  These particular emails are easy to identify as scams.  None of them came from an email address that was connected with an email provider.  In fact, they all came from personal email addresses that were probably those of innocent victims of a botnet where a cybercriminal takes control of the computers of innocent people and uses those computers to send out phishing emails and other such communications.  None of the emails reproduced above carried a company logo although, this is easy to counterfeit and shouldn’t be something that makes you consider such emails to automatically be legitimate if you do receive an email with an official corporate logo.  Finally, such phishing emails often contain, as these do, grammatical or spelling errors.  You should never click on any link or provide any personal information in response to an email unless you are absolutely sure that it is legitimate and safe to provide the requested information.  The best thing you can do is to contact the company that is purporting to be sending the email and inquire as to the legitimacy of the email you received.
​​