Password Phishing Scam
Home ScamsPhishing Scams PHISHING – AOL Mail ‘Exceeded Storage Limit’ Email

PHISHING – AOL Mail ‘Exceeded Storage Limit’ Email

by Brett M. Christensen

Outline

Message purporting to be from large US webmail provider AOL Mail claims that your email storage limit has been exceeded and you must click a link to re-validate your mailbox. 

Brief Analysis

The message is not from AOL Mail. It is a phishing scam designed to steal your AOL account login details. If you receive this message, do not follow any links or open any attachments that it contains.

Example

AOL Mail

Your mailbox has exceeded the storage limit is 1 GB, which is defined by the administrator, are running at 99.8 gigabytes, you can not send or receive new messages until you re-validate your mailbox.
To renew the mailbox click link below:
Click Here
Thank you!
Web mail system administrator!
WARNING! Protect your privacy. Logout when you are done and completely exit your browser.

AOL Phishing Scam Email

 

Detailed Analysis

According to this email, which purports to be from email Service Provider AOL Mail, your mailbox has exceeded its storage limit of 1 GB. The message warns that you will not be able to send or receive any email until you click a link to re-validate your mailbox.

The message is signed by the ‘Web mail system administrator’ and even includes a security alert advising you to logout and close your browser when you have completed the re-validation.

However, the email is certainly not from AOL Mail or any genuine system administrator. The claim that your mailbox limit has been exceeded is just a ruse to trick you into following the link.

The link opens a bogus website designed to mirror a genuine AOL login page. Once you have ‘logged in’ on the fake page, you may receive a message claiming that you have successfully re-validated your mailbox and restored email service.

Thus, you may think you have dealt with the issue and forget about it. 
Meanwhile, however, the criminals responsible for this phishing expedition can collect your AOL Mail login credentials and use them to hijack your account. Once they have gained access to your account, they can use it to launch further spam and scam campaigns, all in your name.

Bogus ‘exceeded storage limit’ warnings are a favourite scammer tactic. Similar scam campaigns have targeted customers of other high profile service providers.

Some versions take a more generic approach and simply claim to be from ‘IT Support’ or the ‘Web Mail Administrator’ and do not specify a particular provider at all. These generic versions are designed to harvest details from users of many different email services.

While many, including the version discussed here, ask you to click a link to ‘login’, others may ask you to reply to the email with your username and password. Still others may ask you to fill in an ‘update’ form contained in an attached file.

Some email providers may send out automatic email notifications advising that you have exceeded a storage limit. However, these emails will not ask you to provide your login details or other personal information by clicking a link, replying to the message, or opening an attached file.

It is always safest to access your account – or deal with any supposed account problems – by entering the account address into your browser’s address bar or via an officially endorsed software application.

Importance Notice

After considerable thought and with an ache in my heart, I have decided that the time has come to close down the Hoax-Slayer website.

These days, the site does not generate enough revenue to cover expenses, and I do not have the financial resources to sustain it going forward.

Moreover, I now work long hours in a full-time and physically taxing job, so maintaining and managing the website and publishing new material has become difficult for me.

And finally, after 18 years of writing about scams and hoaxes, I feel that it is time for me to take my fingers off the keyboard and focus on other projects and pastimes.

When I first started Hoax-Slayer, I never dreamed that I would still be working on the project all these years later or that it would become such an important part of my life. It's been a fantastic and engaging experience and one that I will always treasure.

I hope that my work over the years has helped to make the Internet a little safer and thwarted the activities of at least a few scammers and malicious pranksters.

A Big Thank You

I would also like to thank all of those wonderful people who have supported the project by sharing information from the site, contributing examples of scams and hoaxes, offering suggestions, donating funds, or helping behind the scenes.

I would especially like to thank David White for his tireless contribution to the Hoax-Slayer Facebook Page over many years. David's support has been invaluable, and I can not thank him enough.

Closing Date

Hoax-Slayer will still be around for a few weeks while I wind things down. The site will go offline on May 31, 2021. While I will not be publishing any new posts, you can still access existing material on the site until the date of closure.

Thank you, one and all!

Brett Christensen,
Hoax-Slayer