Zyra's front page //// AOL //// Spam //// Bank Hoaxes //// Rogues Gallery of Suspicious e-mails //// Site Index
Your Final Warning From AOL - Update Your Account Information Within 24 Hours
A scary message arrived here claiming to be from AOL. I have good reasons to believe it's not actually from AOL at all! How about that?! Have a look at the message. Don't click through on any of the bogus links in it telling you to update your AOL records. See what I have to say about this HOAX MESSAGE at the end...
-----
Original Message ----- From: support aol.com To: Rogues Gallery Sent: Saturday, July 15, 2006 3:49 PM Subject: Your Final Warning From AOL Update Your Account Information Within 24 Hours Valued AOL Member, Never share your AOL password to anyone! Establish your proof of identity with ID Verify (free of charge) - an easy way to help others trust you as their trading partner. The process takes about 5 minutes to complete and involves updating your AOL information. When you're successfully verified, you will receive an ID Verify icon in your feedback profile. Currently, the service is only available to residents of the United States and U.S. territories (Puerto Rico, US Virgin Islands and Guam.) To update your AOL records >> Click here << We appreciate your support and
understanding, as we work together to keep AOL a safe
place to trade. Please do not reply to this e-mail
as this is only a notification. Mail sent to this address
cannot be answered. Copyright 1995-2006 AOL All Rights Reserved. Designated trademarks and brands are the property of their respective owners. Use of this Web site constitutes acceptance of the AOL User Agreement and Privacy Policy. Designated trademarks and brands are the property of their respective owners. AOL and the AOL logo are trademarks of AOL Inc. AOL is located at 2145 Hamilton Avenue, San Jose, CA 95125. |
Firstly, the message was sent to an address which was harvested from the Rogues Gallery of Suspicious emails where frauds and scam messages are exposed! Also, I do not have an AOL account, and if I did have an account at AOL, it might just be that AOL would know my name! If you receive a message addressed "Dear customer" or in this case "Valued AOL Member", you can have suspicions that it's not genuine!
Don't be fooled by the inclusion of AOL's address, regardless of whether that's their real address or not, as it's very easy to put that in and have it faked-up. An official-looking copyright message doesn't mean it's genuine either. If a graffiti artist put "copyright (c) the local government" on a message sprayed on a wall, surely you'd not assume it was an official government notice! Also, don't be fooled by all this stuff about "trust and safety"! The hoaxers disguise themselves like that. Bank robbers deciding what outfits to wear when holding up a bank don't always choose something obvious such as striped jerseys and masks, and might instead wear some stolen security officer uniforms of a type that might look convincing when marching around all official-looking in a bank!
The links in the message do not go to AOL, but to http;//misc.interactivedata.be/.ldap/www.aol.com/_cqr/login/login.psp/as which is presumably a place where, if you entered your security details, they would be delivered to phishing attack data loggers. Incidentally, I have replaced the links in this example stuffed and mounted e-mail so they go to a safe page where I can explain some more about e-mail problems.
Most notably, AOL, for all their failings, Do Not threaten you with a 350 dollar penalty for ignoring the notice or to reactivate your account.
A minor issue worth mentioning is that where an e-mail says "do not reply to this email", it's always worth considering suspicious. You Should be able to reply. In the case of this hoax message pretending to be from AOL, the senders have faked-up the address of the support address at AOL. Yes, e-mail hoaxers can do this, as it's very easy to falsify the sender address. It's known as spoofing. Criminals often fake-up honest people's addresses in spam so the nasty venomous replies from irate spam recipients go to whomever the criminals want to victimise this week.
Another point: The ID Verify logo they have used in the message was actually pinched from eBay. In fact it was coded so it was remote-served from eBay's server at http://pics.ebaystatic.com/aw/pics/verify-icon.gif - at least I'm presuming it's eBay's server!
Also, I don't want to get picky here, but I may have to... "Never share your AOL password to anyone". Is English not AOL's first language? Even in the US American variant of the English language it would be "Never share your AOL password with anyone" or "Never divulge your AOL password to anyone". Such linguistic faults are often specific to a geographical/cultural region, so by some linguistic detective work it's possible to give some idea where the culprits are located, or at least where they were brought up originally.
This type of message is very common and usually comes in pretending to be from a bank. See bank fraud messages. But whether it's pretending to be from a bank or from Microsoft, eBay, O2, or AOL, the trick is the same; to get you to be gullibly duped into believing the idea that you've got to "confirm" your personal details, enter your private info, and this then gets captured by ne'er-do-wells and hoodlums masquerading as the place in question. Having got your personal info, crooks can then use it in a variety of nefarious ways. Also see ID Theft
So, if you receive a message like this, don't be fooled by it!