In the past couple of weeks, I've noticed a rash of scams targeting AOL users. If you have an AOL email address, the information here will be of the highest importance. If you do not have an AOL email address, you'll still want to know this, as there are similar scams that use the same tricks. I'll explain what to look for, so you stay protected.
Scam #1: What Happens
The first scam comes to your email inbox pretending to be from AOL (see above image). It tells you that your password is about to expire. You think, "Oh no!" But there's a big blue button that promises to let you keep your current password. Unsuspecting (and very intelligent) people click on this button because they're stressed by the thought of losing their password or email account.
When you click on the button, you're taken to an official-looking AOL page where you're asked to enter your current password. Now, the scammer has your password and your email address.
What happens next? The scammer hacks into your email account and sends out a phishing scam to all of your contacts. This email that your friends, family, and professional associates get pretends to be from you. The scammer asks your contacts if they wouldn't mind buying a gift certificate on Amazon and emailing back the gift card code and number. The scammer (pretending to be you) says they'd do it themselves, but for some reason, their Amazon account isn't working.
Scam #2: What Happens
The second version of what I've been seeing lately is very similar to the first (see above image). The difference is that you're threatened with account de-activation. They try to make you think there's been a request from you to close your AOL account. Clicking on the link to "Cancel De-Activation" will put you on the same type of bogus web page that'll extract your account details. Using this info, the scammers will again hack into your account and try to fool your contacts. (There are several iterations of this scam. The one thing they have in common is trying to get you to panic.)
How to Spot the Scam
AOL is an email provider, so it would be easy for a scammer to make up an email address that may sound official-ish using "@aol.com." However, whenever AOL sends out its legitimate communications, it always marks them in two unique ways (shown in image below).
How to Spot Other Types of Email Scams
When it comes to emails from organizations that are NOT email providers, the best way to tell if the email you received is legitimate is to check who sent it. However, you can't just look at the sender name your email program displays, because the sender can set that name to anything. See the image below, where it says "Michigan Theater Foundation" highlighted in blue. How do I know this email is from the Michigan Theater? I click the little arrow (circled in red) to show me the actual email address.
Yep! This one is really from the theater: "email@example.com." It doesn't matter what the part before the @ says. It's the domain after the @ that matters. I know for a fact that the Michigan Theater's domain is always "michtheater.org." CAUTION: Tricky scammers will sometimes try to make the domain look like the real thing, e.g. "michtheater.com," instead of ".org," or "firstname.lastname@example.org."
Also, ask yourself if you even have an account with the sender's organization. For example: "Your PayPal account will be charged $450." Do you have a PayPal account? If not, delete the email.
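The sender check described above can also be automated. The following Python example is added here and is not part of the original article: it pulls the actual address out of a From header, ignores everything before the @, and compares the domain with the one the organization is known to use. The `KNOWN_SENDERS` map, the function names, and the sample headers are constructed for illustration; only "michtheater.org" and "michtheater.com" come from the article.

```python
from email.utils import parseaddr

# Assumption: a hand-maintained map from the display name an organization
# uses to the domain it really sends from. "michtheater.org" is the domain
# named in the article; the map itself is hypothetical.
KNOWN_SENDERS = {"michigan theater foundation": "michtheater.org"}


def sender_domain(from_header):
    """Return the lowercased domain after the last @ of the actual address."""
    _display, address = parseaddr(from_header)
    return address.rpartition("@")[2].lower().rstrip(".")


def check_sender(from_header):
    """Classify a From header as match, lookalike, mismatch or unknown."""
    display, _address = parseaddr(from_header)
    expected = KNOWN_SENDERS.get(display.strip().lower())
    if expected is None:
        return "unknown"  # no known domain to compare against
    domain = sender_domain(from_header)
    # Exact domain, or a subdomain of it (assumed acceptable here).
    if domain == expected or domain.endswith("." + expected):
        return "match"
    # The organization's name appears in the domain, but the domain is not
    # the real one: wrong ending (.com for .org) or the name used as a prefix.
    brand = expected.split(".")[0]
    if brand in domain:
        return "lookalike"
    return "mismatch"


# Constructed sample headers (local parts and the last two domains are made up).
SAMPLES = [
    "Michigan Theater Foundation <news@michtheater.org>",
    "Michigan Theater Foundation <news@michtheater.com>",
    '"Michigan Theater Foundation" <promo@mailer.example.net>',
    "Corner Shop <info@shop.example>",
]

if __name__ == "__main__":
    for header in SAMPLES:
        print(f"{check_sender(header):10} {header}")
```

A "lookalike" or "mismatch" result means the name shown and the real sending domain disagree, which is the same thing the little arrow reveals by hand.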
It Doesn't Take a Genius to Be a Scammer
Now, take a look at the two AOL scams we started with. They didn't even try to hide their email addresses! These scammers aren't rocket scientists. Sadly, they don't have to be. Their scams still catch a lot of people off guard. But not you. Now you know what to look for!