Phishing and Spoofing Identity Theft Schemes

Overview

Half of all internet users get at least one phishing email per day. That number goes up considerably for those of us who are active with email and social media. Phishing emails are designed to get you to provide personal information such as your bank account number, routing number, social security number, birth date, etc. (see the AOL email fraud example below). The information obtained is used to secure a credit card in your name or draft a payment from your checking account.

How to Spot Fraudulent Emails

Although identity thieves constantly change their approach, many phishing scams have similar characteristics. Being familiar with these will help you determine whether an email is fraudulent.

Look for Spelling and Grammar Errors – Most companies that send official emails take the time to proofread and double-check that their emails are free of spelling and grammatical mistakes. It’s a good business practice, and it’s a sign that you’re reading a message from a legitimate company. If you receive a message filled with errors, it is more than likely a scam.

Use of ALL CAPS – Phishing attempts often try to create a sense of urgency to get you to take action immediately. Look for statements like, “YOU MUST CHANGE YOUR PASSWORD NOW.” It is important to note that most legitimate companies don’t use email as their first contact method for urgent matters.

A Fake Display Name – Most phishing emails will fake the “From” name to get you to believe it is from a legitimate person or business. This is called “spoofing.”
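The display-name and ALL CAPS urgency checks described above can be automated as a first pass over incoming mail. The Python below is an added example, not part of the original article or any AOL tooling; the brand-to-domain table, the urgency phrase list, the thresholds and the sample message are constructed assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Assumptions: brand keyword -> its real sending domains; a short pressure-phrase list.
BRAND_DOMAINS = {"aol": {"aol.com"}}
URGENT = re.compile(r"\b(?:urgent(?:ly)?|immediately|deactivat\w+|verify your)\b", re.I)

def display_name_mismatch(from_header):
    """Return the brand named in the display name if the address is not on its domain."""
    name, addr = parseaddr(from_header)
    domain = addr.rpartition("@")[2].lower()
    for brand, domains in BRAND_DOMAINS.items():
        # Exact domain or a true subdomain only: "aol.com.evil.example" must fail.
        genuine = any(domain == d or domain.endswith("." + d) for d in domains)
        if re.search(rf"\b{brand}\b", name, re.I) and not genuine:
            return brand
    return None

def is_shouting(line, min_letters=12):
    """True when more than 80% of a line's letters are capitals."""
    letters = [c for c in line if c.isalpha()]
    return len(letters) >= min_letters and sum(map(str.isupper, letters)) > 0.8 * len(letters)

def triage(raw_message):
    msg = message_from_string(raw_message)
    body = msg.get_payload()
    findings = []
    brand = display_name_mismatch(msg.get("From", ""))
    if brand:
        findings.append(f"display name claims {brand!r} but sender domain is not its own")
    if any(is_shouting(line) for line in body.splitlines()):
        findings.append("all-caps line")
    urgent = len(URGENT.findall(body))
    if urgent >= 2:
        findings.append(f"{urgent} urgency phrases")
    return findings

# Constructed sample, modelled on the scam wording quoted in this article.
SAMPLE = """From: "AOL Technical Team" <support@mail-verify.example>
Subject: Account verification

You are urgently required to re-submit your information.
YOU MUST CHANGE YOUR PASSWORD NOW
Failure to verify your account immediately will lead to deactivation.
"""

if __name__ == "__main__":
    print(triage(SAMPLE))
```

These checks only flag the traits listed above. A message that passes them can still be fraudulent, because the sender address itself can also be forged.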

Phishing Email Example

Below is an example of a fraudulent AOL email scam:

Dear John.Smith@internet.com:

We use this medium to notify you that your AOL account has generated some errors on our MySQL Database and you are required to follow all instructions given to you in order to correct this problem.

During our regular account verification procedure, we encountered a technical problem and we could not verify your information which we have on file. Your account data could not be recovered due to system errors resulting from Windows update. As a result of this, your information which we have on file is incomplete and your account functions are abnormal.

In respect to the above, you are urgently required to re-submit your information via our servers so that we can fully verify your AOL account; otherwise, your access to AOL services will be deactivated until you pass the verification procedure.

We strongly require that you click here to verify your AOL account!

Note that failure to verify your account immediately will lead to permanent deactivation of your AOL account..

We are very sorry for the inconveniences this might have caused you and we assure you that everything will return to normal as soon as you have done the needful.

AOL Technical Team

2011 AOL LLC. All Rights Reserved.

What to Do if You Receive the Email

If you receive this or any other fraudulent email, please do the following:

  • Don’t click on any links in the email
  • Don’t reply to the email
  • Mark the email message as spam
  • If unsure of an email’s authenticity, forward the email to your email provider’s abuse contact. For example, AOL’s abuse email is aol_phish@abuse.aol.com.

How to Tell if AOL Mail is Official, or if it is AOL Email Fraud

When AOL sends an important email to its users, they mark each message with a slight blue AOL icon. The blue icon is located between the sender and the subject line. Below is what the blue icon looks like:

[Image: AOL official mail icon]

Also, when you open an Official AOL email message, you’ll see the “Official Mail” banner at the top.

If you get a message that seems like it’s from AOL but it doesn’t have those two indicators, it’s a fake email. Report the AOL email fraud to help them address the problem.

Smishing Identity Theft for Cell Phones

Chances are, you have security software installed on your computer to protect your email against “phishing”— fraudulent messages that attempt to get you to reveal sensitive information such as account numbers and passwords. Unfortunately, these same scams come directly to your phone via text. “Smishing” is done over short message service (SMS), or text messaging.

The Pew Internet and American Life Project found that, on average, mobile phone users send and receive approximately 40 text messages daily. At some point, you’ll likely encounter fraudulent text messages and the smishing identity theft scam. If your smartphone isn’t secure, your personal information could be vulnerable to smishing identity theft.

Common Smishing Identity Theft Schemes

Fraudulent smishing messages, which arrive as ordinary text messages over SMS (short message service), often appear to require immediate attention.

The fraudulent messages may take a format such as:

  • A fraudulent text message “from your bank” telling you your account has been shut down and asking you to call a number to reactivate the account.
  • A text message that says you have been registered for a service and will be charged unless you take some form of action, such as visiting a website.
  • Confirmation of a purchase that directs you to call a number if the confirmation is inaccurate.

If you take the actions prompted by the fraudulent text messages, you may send your personal information directly to a scammer. Some spy programs will spread malware or viruses on your mobile phone or computer. And others may give the scammers the means to eavesdrop on your phone calls.

How to Protect Yourself from Smishing Identity Theft

If you get an unsolicited text from an unidentifiable source, protect yourself with these tips:

  • If the text message appears to be from a legitimate source, contact that source’s phone number—not the phone number provided in the text—and verify it is legitimate. In most cases, legitimate businesses, such as banks, do not send text messages that elicit a response.
  • Delete any text message from unknown sources without reading
  • Do not click on links or download software apps from an unverified source
  • Never provide sensitive information to an unverified source
  • Avoid any text message that appears to come from the number 5000. This may be an identity that hides a scammer’s real phone number. The message may be masked using SMS spoofing (described below).
  • Add security software to your mobile phone.
  • Look into setting up a “text alias.” This cell phone feature hides your actual phone number from the smishing sender
  • Contact your cell phone service provider and report the text message you received

Short Message Service (SMS)

Most people know it simply as text messaging, but the technical term is SMS (Short Message Service). SMS is a service for sending short messages of up to 160 characters (224 characters if using a 5-bit mode) to mobile devices.

SMS spoofing is a new technology that changes who a text message appears to come from by replacing the originating mobile phone number with alphanumeric text. It has legitimate purposes, but it can also be used to impersonate another person, company, or product. SMS spoofing is a common technique that scammers love to use to steal your information and annoy you.

File a Complaint about AOL Email Fraud

To learn more or to file a complaint, contact the Federal Trade Commission’s identity theft website.

Questions and More Information

If you have any questions, please post a comment below. If you want to learn about other types of fraud, read:

17 COMMENTS

  1. Had a problem with my AOL emails, called the support line they recommended. Support took over my computer, sold me a $600 lifetime subscription to Webroot and Norton firewall. A few days ago they called and said my IP was duplicated and I needed a $2000 fix. I think I’m being scammed. All through AOL.

  2. Oprah Winfrey stole my AOL account almost 12 years ago now and has stolen all my work and is making millions on my work and name. I was the one who saved her channel. Many of the movie ideas are mine. Tyler Perry has stolen ideas, she has worked with Doc Oz in stealing my healing ideas and much more. She has stolen my email and claimed it as bars. And is making millions off my name and my AOL account. I want the power of my account and Oprah removed immediately, she is a fraud. And has used her power to take my work. AOL must correct this. This is out of control because she is a so-called superstar.

  3. AOL, PLEASE blacklist all emails from cortseren and setgomedia and anything ending in .SE

    These emails are never ending!!!!!! Please do something.

  4. I received this email today. When I hit reply, the reply address is a long string of letters and numbers and ends in net rather than com. Does anyone know if this is legit?

    Hi AOL Member,

    We love that you love using AOL email. And we want to make sure you always have the best experience. That’s why we’re reaching out today.

    We’ve noticed that you’re using non-AOL applications (such as third-party email, calendar, or contact applications) that may use a less secure sign-in method. To protect you and your data, AOL will no longer support the current sign-in functionality in your application starting on October 20, 2020. This means that you will need to take one of the steps below to continue using your AOL Mail without interruption.

    But don’t worry, you have options:

    Option 1: We recommend that you access your mail using our free AOL app for iOS and Android or simply go to mail.aol.com to access AOL Mail on the web.

    Option 2: Keep your current, non-AOL app, BUT follow a few steps to get it to sync with our secure sign-in method. The steps vary across different email applications, but in most cases, you will have to remove your AOL account from the app and then add it back again to update sign-in security. Use the links below to follow the specific steps for your current application:

    iOS Mail
    Gmail
    Samsung Mail
    Others

    Option 3: You can generate a one-time, unique password that will allow you to sign in to your account using your non-AOL email application. Once created, this password will continue to allow your app to securely sync your AOL email unless you sign out (or are signed out) from your app. You can find instructions on how to do this here.

    If you want more details on these changes, please visit our help page. If you’ve already taken action, we’d like to think you haven’t read this far, but if you have… we appreciate the diligence!

    Thanks for rocking that AOL email address!

    The AOL Team

  5. this was in my email at 7:30 p.m. (07/24/2020)
    Charles Koch
    Ref Number: 967053915
    Batch number: 6854396709/452FB
    The winning number: FB7703/LPRC
    National Lottery Program wishes to notify you that you have been
    chosen through a Computer Ballot System as one of the recipients for
    2020 Online Sweepstake Promotion Draw. You are among the jackpot lucky
    winners for the sum of €5,000,000.00 (Five Million Euros) Prize
    promotion Award which is organized by National Swiss Lottery Inc.
    This result is now made available to you. We advice that you keep your
    winning information confidential until
    your claims has been processed and your money released to you. This is
    part of our security protocol to avoid double claiming and unwarranted
    abuse of this program. For the release of your winnings, kindly
    contact your claims agent with the following details to expedite the

    processing of your prize winning.
    1. Full name:
    2. Address of Residence:
    3. Country:
    4. Tel/Mobile and fax number:
    5. Occupation:
    6. Age:
    7. Sex:

    You are advice to contact our Claim Department immediately for the
    claim, and send Note in order to avoid unnecessary delays; remember to
    quote your
    Reference and ticket numbers in all correspondence. Congratulations
    once again from all our staff and thank you for being
    part of our special quarterly promotional award program.
    Yours Sincerely,
    Mr.Paul Edward
    PAULAEDWARD4343@outlook.com
    ( National Swiss Lottery INC Promotion Agent)

  6. I received the following e-mail from ‘aol’. Please verify its validation.

    -----Original Message-----
    From: Aol! Mail
    To: wxp9
    Sent: Sun, Apr 14, 2019 6:59 am
    Subject: niseko; Your Account Will Be Deactivated

    Hello niseko,
    This is to inform you that your request on: 04/12/2019 2:07:11 p.m. to remove your account from Aol server has been approved and will initiate in one hour from the exact time you open this message. Regards.

    ignore this message to continue with email removal or

    If this deactivation was not requested by you

    Please reply us.

    Regards,
    Aol

  7. I had recently changed my password on AOL and they had someone trying to send an email out on my AOL address. Their email was listed as vivekfree@yahoo.com and I received one yesterday listed as someone else that might have the same ID or is trying to use my address again. I want you to find out who this might be and notify me immediately. My credit score has gone from nearly 700 to 550 in less than a year.

    • We recommend that you first change the password on your email account. Then, forward any fraudulent emails to aol_phish@abuse.aol.com, then delete the emails.

      If you feel that your identity may have been stolen, or personal information has been used that affects your credit report, contact the three credit reporting bureaus and request a copy of your credit reports. You can request one free report from each bureau each year through https://www.annualcreditreport.com/.

      Once you obtain the reports, look for any accounts that you did not open. If you notice any, follow the credit reporting bureau’s process for reporting the fraudulent activity.
