The old “update your account” scheme is probably still successful, which is most likely why cybercriminals keep coming up with new variants for it. The latest such spam wave targets AOL users.
The message is simple (via
DEAR AOL USER
You have to follow the link below to update and verify your E-mail account
to enable continuous access of your E-mail http://webmail.aol.com/verify
AOL ONLINE TEAM.
As you might guess, the link doesn’t point to the legitimate AOL login page, but to a replica hosted on a site registered for free in the Czech Republic.
Many of the buttons and the links of the phony website lead to aol.com
, but the Sign In
button doesn’t compare the credentials against the ones stored in AOL’s servers. Instead, it sends them back to the cybercriminals that run the scheme.
The legitimate links aren’t the only ones that make the plot genuine-looking. The malicious webpage also contains an iframe
that displays part of the mail.aol.com
There’s a very good reason for which the phishers have deployed this technique. The AOL login page changes, depending on important events that take place.
By embedding part of this page into their scheme, the crooks have a higher chance of making someone believe that they’re on the right domain.
In such cases, there’s a simple way to check if you actually are on the correct website: check the URL displayed in your browser’s address bar.
The legitimate URL starts with “https” (which means that it’s a secure connection) and it ends in “aol.com.”
On 99% of phishing sites, the secure connection is missing and aol.com
is not the actual domain, but a subdomain, or possibly the name of a file or a folder.