AOL users are being warned of a new phishing attack targeting the popular ISP. Customers are receiving emails claiming to be from the company’s “Safety and Security Team”. The emails claim they need to verify the recipent’s billing and account information. A link is provided, and if the recipient clicks on it they are sent to a fake AOL site and prompted to log in, then are asked to provide their credit card number and other personal info, all of which is sent to the scammers behind the attack.

This is far from the first time AOL has been exploited by scammers. Back in the 90’s AOL users were routinely sent fake emails claiming to be from AOL and asking for their login info. The scammers then logged into the compromised accounts and sent spam. The very first phishing scam I remember running into was on AOL as well, back in 1995 or so. I got an email that looked like it was from AOL saying the credit card I had on file had expired and asking me to log in and update it. I almost fell for it too, until I realized the email hadn’t been sent to the master screen name on my account, just that one sub account. Phishers and scammers have gotten a lot more sophisticated since then!

If you think you’ve fallen for a phishing attack, the first thing to do is to call your credit card company and report your card as stolen. If you gave banking info, call your bank and close your account. You’ll also want to change all your passwords and notify your IT department right away since your network may also have been compromised.

To avoid falling for a phishing attempt, remember these red flags:

1. Generic greetings. Any email from a company you do business with will greet you by your actual name or user name.
2. Bad grammar or mispellings. Emails from legit companies will be more professional than that.
3. Requests for personal info.  No legit company will EVER ask you for personal info via email.
4. Embedded links. Always let your mouse pointer hover over any links. The actual site the link points to will be revealed in the information bar. If it doesn’t match the text of the link, don’t click on it.

If you still not sure if an email from a company is legit, type its URL into your browser manually and log into your account. If there are no alerts presented chances are the email is fake!

If you think your company has been exploited by a phishing attack, you should contact your local FBI units IC3 (Internet Crime Complaint) Unit right away. Put an alert on your homepage, and set up an address for customers to report any phishing attempts they’ve got.