An AOL mail phishing campaign is underway to steal users’ login name and password by warning recipients that their account is about to be closed.

While most people are using Gmail, Outlook, or other modern free mail services, many older people continue to use AOL simply because they are used to the service and find it too complicated to switch to a new email service.

Unfortunately, this also makes them prime targets for phishing scams that, in my experience, tend to slip through AOL’s email filters more easily than other services’ filters, such as Gmail’s.

This week I was contacted by two older family members who received an email with a scary email subject stating that their “Mail Box will close in 3 days log in to re-activate.”

Scared that the email accounts they used for close to 25 years would be closed, they forwarded me the email and asked for advice.

The email stated that they need to log in and verify their account within 72 hours, or AOL will deactivate their account.

“We don’t want to say goodbye!”
 
“We noticed you haven’t updated your account information recently, and since your security is our top priority, we plan to close this account as soon as possible. It’s going to take 3 days unless you act soon. Unless you verify this account, it will be closed in 72 hrs,” warns the AOL phishing email.

Enclosed in the email was a link to a poorly constructed AOL phishing landing page that asked visitors to log in to AOL.

PayPal phishing page

Once AOL credentials are submitted on the form, the stolen credentials are sent to the attackers, and the user is redirected to the standard AOL login page.

As I have made a point of teaching family members about phishing scams and what to look out for, my family members did not fall for the scam.

Unfortunately, many people may not have received the same education and will likely enter their AOL login information.

What should you do if you entered your info?

If you received this phishing scam and mistakenly entered your login information, you should immediately log in to AOL and change your password. 

If the site doesn’t accept your password, it’s possible the attackers already gained control over your account. In that situation, you should contact AOL support.

If you use your AOL password at other sites, you should change it there as well.

When changing your passwords, be sure to use a different password at every site. By doing this, if one site suffers a data breach, it won’t affect your credentials at the other sites.

To help you keep track of all of your unique passwords, BleepingComputer suggests using a password manager.