Email Address Password Phishing
Home ScamsPhishing Scams AOL ‘Billing Update Must be Performed’ Phishing Scam

AOL ‘Billing Update Must be Performed’ Phishing Scam

by Brett M. Christensen

Outline

Email purporting to be from AOL claims that the recipient must follow a link to update account information or limitations will be placed on his or her AOL service. 

Brief Analysis

The message is not from AOL. In fact, the email is a phishing scam designed to trick recipients into providing personal and financial details to Internet criminals. The link in the email points to a bogus website that asks users to submit information via an online form.

Example

Subject: Billing Update Must be Performed

Billing update must be performed

Dear AOL Member,

Our records indicate that your account hasn’t been updated as a part of our regular account maintenance. Our new SSL servers check each account for activity and your information has been randomly chosen for verification. AOL Member Services strives to serve their customers with better and secure banking service.

Notification: Failure to update your account information may result in account limitation at shopping on our portal.

Update your information

To re-secure your account, just confirm your personal information.

Sincerely,
AOL Member Services

Please note that this email address cannot accept replies.

AOL Phishing Scam Email

 

Detailed Analysis

This email, which claims to be from Internet service provider AOL, informs the recipient that he or she must update AOL account details or risk a subsequent limitation of services.

The message claims that the account has been randomly chosen for verification by AOL’s “new SSL servers”.It warns that the account has not been updated as part of AOL’s regular account maintenance procedure and urges the recipient to click the “update your information” link in order to “re-secure” the account. 
However, the email is not from AOL. In fact, the message is a phishing scam designed to steal personal and financial information from AOL customers. Those who fall for the ruse and click the “Update” button will be taken to a fraudulent website designed to closely resemble a genuine AOL page. As shown in the screenshot below, the fake site asks users to provide a significant amount of private information, including credit card numbers and social security numbers:

AOL Phishing Scam Website

All information on the bogus website will be sent to criminals who can subsequently use it to commit credit card fraud and identity theft. To further the illusion, secondary links on the fake site actually open genuine AOL web pages. Moreover, when a victim has finished filling in the information on the bogus form and clicked the “Submit” button, he or she will be automatically redirected to the genuine AOL website.

The phishing email itself is also designed to resemble a genuine AOL message.

AOL customers are regularly targeted by phishing scammers. AOL will not send out unsolicited emails warning customers that their account will be limited or suspended if they do not follow a link and provide personal information. In fact, any message that claims that you must update information for a bank, government department or online service by following a link or opening an attachment should be treated with suspicion.



Importance Notice

After considerable thought and with an ache in my heart, I have decided that the time has come to close down the Hoax-Slayer website.

These days, the site does not generate enough revenue to cover expenses, and I do not have the financial resources to sustain it going forward.

Moreover, I now work long hours in a full-time and physically taxing job, so maintaining and managing the website and publishing new material has become difficult for me.

And finally, after 18 years of writing about scams and hoaxes, I feel that it is time for me to take my fingers off the keyboard and focus on other projects and pastimes.

When I first started Hoax-Slayer, I never dreamed that I would still be working on the project all these years later or that it would become such an important part of my life. It's been a fantastic and engaging experience and one that I will always treasure.

I hope that my work over the years has helped to make the Internet a little safer and thwarted the activities of at least a few scammers and malicious pranksters.

A Big Thank You

I would also like to thank all of those wonderful people who have supported the project by sharing information from the site, contributing examples of scams and hoaxes, offering suggestions, donating funds, or helping behind the scenes.

I would especially like to thank David White for his tireless contribution to the Hoax-Slayer Facebook Page over many years. David's support has been invaluable, and I can not thank him enough.

Closing Date

Hoax-Slayer will still be around for a few weeks while I wind things down. The site will go offline on May 31, 2021. While I will not be publishing any new posts, you can still access existing material on the site until the date of closure.

Thank you, one and all!

Brett Christensen,
Hoax-Slayer