A new phishing campaign spotted by BleepingComputer in the wild has been stealing the AOL credentials of users. The phishing email starts with a warning message saying the email account will be closed if the details are not updated and prompt them to log in to their AOL account, a phishing page collecting the credentials.
AOL Phishing Campaign Underway
AOL is something that most of us have forgotten. The several internet services of AOL were once used extensively, before the reign of Google and Yahoo. Out of all its services, the AOL search engine and the mailboxes are something that people are highly related to.
Though the presence of AOL declined now, many older adults from the ’90s and early 2000s are still using the AOL mailboxes and can’t easily move onto modern services like Google or Outlook. And this made them a target to fraudsters who’re now running a campaign to steal such vulnerable AOL users’ email credentials.
As reported by BleepingComputer, the ongoing campaign targets old AOL users, who cannot selectively differentiate between the genuine and spam emails and interact with them to fall prey. Stealing mailboxes of such users can help fraudsters steal funds if they’re able to pull a scam from their banks via emails.
As noted, the phishing email has the subject as below,
“We don’t want to say goodbye!”
“We noticed you haven’t updated your account information recently, and since your security is our top priority, we plan to close this account as soon as possible. It’s going to take 3 days unless you act soon. Unless you verify this account, it will be closed in 72 hrs.”
These types of fake warnings can trigger worry in unsuspicious users and force them to respond. This subject has a link at the end asking users to update their details. Clicking on it will take them to a poorly crafted phishing page that asks them to log in to their AOL accounts, thus stealing credentials when entered.
Thus, staying away from such emails or better reporting them as spam can help. If you’ve fallen victim to such phishing campaigns, it’s recommended to log into your concerned account and change the credentials immediately. Also, change the credentials on other online accounts if they’re being used elsewhere.