Email purporting to be from AOL claims that the recipient must follow a link to update account information or limitations will be placed on his or her AOL service.
The message is not from AOL. In fact, the email is a phishing scam designed to trick recipients into providing personal and financial details to Internet criminals. The link in the email points to a bogus website that asks users to submit information via an online form.
Subject: Billing Update Must be Performed
Billing update must be performed
Dear AOL Member,
Our records indicate that your account hasn’t been updated as a part of our regular account maintenance. Our new SSL servers check each account for activity and your information has been randomly chosen for verification. AOL Member Services strives to serve their customers with better and secure banking service.
Notification: Failure to update your account information may result in account limitation at shopping on our portal.
Update your information
To re-secure your account, just confirm your personal information.
AOL Member Services
Please note that this email address cannot accept replies.
This email, which claims to be from Internet service provider AOL, informs the recipient that he or she must update AOL account details or risk a subsequent limitation of services.
The message claims that the account has been randomly chosen for verification by AOL’s “new SSL servers”.It warns that the account has not been updated as part of AOL’s regular account maintenance procedure and urges the recipient to click the “update your information” link in order to “re-secure” the account.
However, the email is not from AOL. In fact, the message is a phishing scam designed to steal personal and financial information from AOL customers. Those who fall for the ruse and click the “Update” button will be taken to a fraudulent website designed to closely resemble a genuine AOL page. As shown in the screenshot below, the fake site asks users to provide a significant amount of private information, including credit card numbers and social security numbers:
All information on the bogus website will be sent to criminals who can subsequently use it to commit credit card fraud and identity theft. To further the illusion, secondary links on the fake site actually open genuine AOL web pages. Moreover, when a victim has finished filling in the information on the bogus form and clicked the “Submit” button, he or she will be automatically redirected to the genuine AOL website.
The phishing email itself is also designed to resemble a genuine AOL message.
AOL customers are regularly targeted by phishing scammers. AOL will not send out unsolicited emails warning customers that their account will be limited or suspended if they do not follow a link and provide personal information. In fact, any message that claims that you must update information for a bank, government department or online service by following a link or opening an attachment should be treated with suspicion.