A home user client forwarded an email requesting that I read it and advise him about the contents.

With the subject, “Important: Don’t lose access to your email account,” the email, purportedly from AOL Broadband Member Services, contained a reminder about a change in how the parent company, Verizon Media, was going to handle data. The email urged the recipient to review the new rules and went on to warn, “otherwise you will not [sic] longer have access to new email.” The center of the email contained a bold link to “Review and agree now.”

Of course, this email was a classic phishing attempt; however, anyone would have thought that the page was a legitimate AOL page upon clicking the link. The coding behind that web page was identical to AOL’s own. The only subtle difference would happen after a person entered an email address or user name and a password.

I didn’t take my experiment any further because I could see from the website URL that this was not a valid AOL page. The address was https://aolmaildomain.weebly.com. That was the final clue that convinced me this was not a legitimate email.

Weebly is a web-hosting service that lets you develop your own website. Because it is owned by Square, the payments processing company (Heliotropic Systems uses Square), it is designed to let people build e-commerce sites quickly and easily.

It did not take me long to discover the appropriate division to submit a complaint about this particular abuser’s website. I included a brief description of the problem and sent back a copy of the original email after receiving a confirmation of my case. The good news is, less than 24 hours after receiving the request from my client, the bogus website had been removed from Weebly.

Lesson to be learned: If you think the email you received is suspicious, don’t click anything. Forward it to me for review, and I’ll let you know if it is safe to proceed or delete. Please don’t think, for one minute, that you are bothering me when you do this. I’d rather take a few moments as a precaution than to take hours (or more) later to clean up a mess.

In this case, the consequences for someone who depends on AOL for email would have been a new “silent partner,” diligently reading their emails to harvest personal information — the first step towards identity theft.

Leave a Reply

Your email address will not be published. Required fields are marked *

Post Navigation