Latest Threat Research: LetMeowIn – Analysis of a Credential Dumper

Get Informed


Phishing Campaign Targets AOL Users

An AOL-themed phishing scam is underway that is trying to steal users’ login names and passwords by warning recipients that their account is about to be closed. Most people use Gmail, Outlook, or other email services, but many people continue to use AOL because it is familiar to them or they simply don’t want to change their email address. This makes them prime targets for phishing scams that can, unfortunately, slip through AOL’s email filters more easily than other service filters. The body of the email states:  “We noticed you haven’t updated your account information recently, and since your security is our top priority, we plan to close this account as soon as possible. It’s going to take 3 days unless you act soon. Unless you verify this account, it will be closed in 72 hrs.” The enclosed link leads to a poorly constructed AOL phishing page that requests the user’s password. Once the credentials are submitted, the information is sent to the scammers and the user is redirected to the real AOL login page.

Analyst Notes

If a user falls for this scam and enters their login information, they should attempt to login into their AOL account and change their password immediately. If unable to login, the user should contact AOL support to recover control of their account. The new password should be unique to the login and reasonably complex, using a passphrase that includes punctuation, uppercase and lowercase letters. To assist in keeping unique passwords secure, there are a multitude of password managers available.

Source Article: