It seems there is a big spam problem involving AOL accounts right now.
You only have to check out the #AOLHacked hashtag on Twitter to see many people complaining.
I don’t have many friends who still have AOL addresses, but a few (less technical) chums of mine are still saddled with them.
Which means, in the last few days, I’ve been getting spam from them too.
Here’s an example:
Subject: Fw: news
If you receive a spam email like this and click on the link you will be taken to a bogus news website, peddling a Garcinia Cambogia miracle diet, purportedly being backed by TV celebrities such as Dr Oz.
No one is suggesting that Dr Oz, Oprah, and other celebrities mentioned on the webpage are in anyway associated with the spam campaign of course. The spammers are simply trying to drive as much traffic as possible to their diet-pushing website, in the hope that a small percentage of people will be lured into purchasing.
And, of course, the spammers will earn cash the more sales that are made.
But be wary if you are visiting the sites from an Android device. As Martijn Grooten from Virus Bulletin reports, you could be hit by a variant of the NotCompatible Android Trojan horse.
Quite what the problem is at AOL is currently unclear, but the site has just published a blog post acknowledging that there is an issue:
In our ongoing effort to protect your AOL Mail address from being used in connection with email spoofing, AOL Mail is immediately changing its policy to help mail providers reject email messages that are sent using forged AOL Mail addresses.
AOL is taking this step because spammers are sending email that appears to be from valid AOL email addresses. In fact, these emails do not originate from AOL or our customers. Rather, the outgoing addresses are edited by the spammers to make them appear to be legitimate AOL email addresses. By initiating this change, AOL Mail, along with other major email providers will reject these spoofed email messages, rather than deliver them to the recipient’s inboxes.
We regret that legitimate senders of email to you may be temporarily impacted by this change, and those affected will need to update how they send email messages to you. We’ve detailed steps of how they can comply with our new policy here.
If you believe that your account has been compromised, or that your AOL Mail email address has been used to send spoofed messages, please visit the AOL Help site.
AOL takes the security of consumers very seriously and we are committed to continually improving our security protocols in an effort to prevent situations like this from occurring. We apologize for any inconvenience this may have caused.
My reading of AOL’s statement is that they are claiming that their site has not been hacked itself, but instead spammers are forging email addresses to pretend that they come from legitimate AOL users.
Of course, this doesn’t explain how the emails are being sent to genuine contacts of those particular AOL users – have the address books of AOL users or AOL’s mail logs somehow fallen into the hands of malicious third parties?
Lets hope more details emerge soon about what’s going on, before I have to tell the few AOL-using friends I still have to upgrade to another email service.
(And no, I’m not recommending Yahoo. Sorry Marissa.)
Found this article interesting? Follow Graham Cluley on Twitter to read more of the exclusive content we post.