Cybercriminals Are Phishing For Login Credentials of AOL Users

Fraudsters aiming to steal login credentials from AOL users are sending phishing emails that threaten recipients with account closures unless they confirm their email addresses and passwords. The AOL phishing campaign was noticed on February 23, according to Bitdefender Antispam Lab.

Like previous email-based phishing campaigns, cybercriminals use scare tactics and subject lines ranging from “account shutdown” and”final warning” notifications.

In some versions of the scams, the threat actor provides a 24-hour window for users to verify their account credentials or risk becoming unable to receive or send emails.

Although most of the emails lack sophistication, some AOL users may still be tempted to access the fraudulent links and unwittingly give their passwords to cybercriminals.

“The password to your email is expiring today,” one of the fake emails reads. “You are required to use below to re-confirm password otherwise access to your mailbox will be denied.”

In a different version, fraudsters warn users that they have exceeded their Inbox storage and urge them to upgrade their accounts free of charge.

How to protect against phishing emails

One of the first steps when dealing with phishing attacks is to analyze the sender’s email address and the corresponding message. Phishing emails often create a sense of urgency, based on the widespread belief that most users tend to delay or postpone particular tasks – updating and verifying account credentials and passwords.

As a rule of thumb, be cautious of all communications labeled as urgent that ask you to “act now” or lose access to your account.

Do yourself a favor and head to the official website and check for news or updates, and never access the link provided in the email.

If you’re suspicious or know that you’ve entered your login credentials onto a suspicious website or link, try to reset your account password. If locked out from your account, contact the service provider for assistance and immediately change any account passwords that shared the same login credentials.

Note: This article is based on technical information provided courtesy of Bitdefender Antispam Lab.