AOL Desktop Blog

Detect and report fraudulent AOL emails

Posted Jun 23rd 2008 12:13PM by Laura Peterson
Filed under: Member Education, Announcements, AOL Desktop

Fraudulent email alert

A valiant AOL Beta tester just alerted me to a fraudulent spam email that appears to come from AOL, but is actually spam. I'm passing on what the email looks like, how to tell that it's fraudulent, and some more information for reporting fraudulent emails that appear to come from AOL.

The sender's address is "update@aol.com" and the subject is "AOL Notification: [ Account Update Needed ]". If you see an email with this sender and subject or any other fraudulent email that appears to be from AOL, forward it to TOSReports@aol.com. Below is a screenshot of the email.

Phishing and how to detect it

Attempting to obtain financial and other sensitive information by pretending to be a trustworthy organization via email is called "phishing". "Phishing" is when a spammer literally tries to "fish" for information by baiting an unsuspecting person with an email that looks reputable at first glance.

The good news is that many phishers leave themselves open to detection by including spelling errors and other dumb mistakes on their emails which valid corporate communications would never include. The trick is to be sensitive to these things so you don't get dragged in, just as you would be alert to a possible pickpocket or con artist on a street.

Case in point: spammers hope that you'll just quickly glance at the email and click on the link they've embedded without a further thought. By adding the blue AOL graphics that make the email look fairly professional, they're trying to distract you so you won't notice all the errors that the email contains.

A good rule of thumb: even if you're sure the email is legitimate, read it carefully before taking ANY action! Additionally, AOL would never threaten to suspend your account if you failed to verify your details. (Your account would only be at risk if you violated the AOL terms of service by failing to pay for your dial-up, or, for example, by using AOL to spam other members. You would in most cases be given an opportunity to immediate rectify the situation via a pop-up linking to an official AOL website.)

Here's that email in question with some tips to show you why it's spam and not a real email from AOL.

Look for spelling mistakes -- "Informetion", "Dont", and "Decliend" are all red flags. I've circled those above.

Look for bad grammar like those areas underlined above: this could include fragment sentences or improper use of punctuation. ("Must a Valid Credit Card" is such an obvious giveaway, but you could miss it if you were reading quickly.)

Check out the embedded link by HOVERING over it with your mouse. (Don't actually click on it!) When you hover over the link, the hidden URL will appear in your mouse tooltip, which I've circled above. This one is definitely spam because the hidden URL contains a Russian domain (the .ru part). Compare this to the URL AOL uses for billing: bill.aol.com.

Don't enter credit card information anywhere until you've been asked to validate your identity. This is why you have a unique account security question (e.g. "what is your favorite movie or book?") that you set up as part of your billing details.

This article from AOL Help contains some additional information on reporting suspicious scam emails.

Remember: take the time to read all emails thoroughly before clicking any links or taking any action! Report phishing and fraudulent emails to tosreports@aol.com

Be safe!

Laura

___

Laura Peterson

AOL Desktop Team Blog Directory

Reader Comments (Page 1 of 1)

1. I just wanted to say that whenever I get a phishing type e-mail, I never click on any links in the e-mail. I'm that way about some that appear to be legit, too. If I want to know anything abpout my account, I'll go there by myself.

Franki

Posted at 4:42PM on Jun 23rd 2008 by Franki

2. When I get an e-mail purporting to be from AOL with links in it, I never click on any of the liks. If I wasnt to check it out, I'll do it myself.

Franki

Posted at 4:47PM on Jun 23rd 2008 by Franki

3. Had this exact same e mail and didn't even think about clicking on anything in it.
The 1st clue was that it didn't come in an AOL Certified envelope.
Like Franki, I will only access My Account thru AOL, never an e mail.

Posted at 5:00PM on Jun 23rd 2008 by SBSBJB

4. Kasper sky has detected this site as phishing for potential credit card, password thefts. hr@mapnylon.com

Posted at 11:41AM on Jun 26th 2008 by fourwlr

5. I was wondering if there was a general address I could send fraudulent emails to, not only AOL oriented.

Posted at 12:09PM on Jul 9th 2008 by Monique

6. I just fell for this scam and gave them all of my information and they wanted everything and now some one has it and I feel like a fool Please be more careful than I was.

Posted at 9:50PM on Sep 7th 2008 by marian green

Resources

Most Recent Comments

About The Team

Terrie is the lead product manager on the AOL Desktop Affinity software. Terrie works to define new views of Desktop. Like the Asylum Desktop and LemonDrop Desktop. Take a look, they are neat!

Summer is a Sr. Manager for AOL Member Communications. While she has no ties directly to the product development team, she has been a contributor to many AOL blogs over the last few years and is excited to bring a non-product team perspective to the Desktop blog.

Subscribe to AOL Desktop Blog News & Updates

Detect and report fraudulent AOL emails

Reader Comments (Page 1 of 1)

Resources

Most Commented Posts

Most Recent Comments

Blogroll

About The Team

Subscribe