Account Management: Identifying suspicious activity
We have answers to all your questions regarding compromised accounts. Click a heading below to expand your question.
What is a compromised account?
A compromised account is one that has been accessed by someone other than you. It usually means someone figured out your password (without your knowledge or consent) and was able to log in to your account.
What's the difference between hacked and spoofed?
You can identify whether your account is hacked or spoofed with the help of your Sent folder.
- Your account has been compromised (hacked) when you find email in your Sent folder that you did NOT send.
- Your account has most likely been spoofed if you DO NOT find any strange email in your Sent Folder.
How do I know if my account has been compromised (hacked)?
- Your inbox is full of MAILER-DAEMON rejection notices for messages you didn't send.
- People you know are getting emails from you that you didn't send.
- There are outgoing messages in your Sent, Drafts or Outbox folder that you didn't create or send.
Note: If there are no Spam emails in your Sent Folder, but you are still receiving MAILER-DAEMON messages, and your Contacts are receiving messages that you didn't send, your account most likely been spoofed.
- Your account folders (Sent, Deleted, Spam, Inbox, etc.) have been emptied or deleted.
- Your Address Book contacts have been erased.
- During sign-in or when sending a message, you're asked to pass an image challenge.
- Emails you try to send are suddenly getting refused and returned to you.
- There are contacts in your Address Book you didn't add.
- You keep getting bumped offline when you're signed into your account.
- Your Display Name has been changed or looks odd.
- Your email signature suddenly has a link you didn't put there.
- You're not getting new mail or your new mail is going straight into your Saved IMs folder.
What should I do if my account is compromised?
- Change your password immediately. Read our password help article to learn how to change your password and for tips on how to create a strong password.
- Make sure you have antivirus software installed and updated. Run scans frequently to make sure your computer is free of all malware. (If you have not installed any antivirus software, visit AOL Internet Security Central to find the latest McAfee software provided by AOL).
- Change your Account Security Question.
- Review any Away Messages tied to your account to ensure no one has inserted spam or other inappropriate content.
- Check your Display Name (the name people see when you send them mail) to make sure it doesn't contain the letters "AOL", "A.O.L." or "Aol". Spammers sometimes change an account's Display Name and that can cause you to see an error message when trying to send mail.
- Review any signatures you use for AOL Mail, message board posts, or comments. Again, this is to ensure no one added spam or other inappropriate content.
- If you are still unable to change your password, please call us at 1-855-622-4946 and we'd be more than happy to assist you (Mon-Fri, 8am-1am ET and Sat-Sun 8am-10pm ET).
I receive spam emails from my own email address. What do I do?
Your Sent folder may offer the best clue to whether you have been hacked or spoofed.
Email spoofing is a technique that spammers use to send spam without it seeming like the message was from them. The spammer enters your email address in the From: field to make it seem like the spam message is coming from your AOL Mail address even though it is being sent from the spammer's email account.
Follow the instructions given in this article to resolve this issue.
Report the email as spam
When you receive an email that you consider spam, you should immediately click the Report Spam button. This helps to ensure that future email from this source will go to your spam folder. Rest assured that by reporting the email as spam you are not blocking or reporting yourself! You are helping us identify the source of the spoof email.
Change your password
If you suspect unauthorized use of your account, immediately change your password. This will lock out the unauthorized user and re-secure your account. If your account has been spoofed, this will help prevent it from being spoofed again in the future.
Note: If you still can't change your password, please call 1-855-622-4946 (Mon-Fri 8am-1am ET and Sat-Sun 8am-10pm ET) and we'll be more than happy to help you.
Delete your email address from your Address Book
Deleting your email address from your Address Book will help resolve this issue.
Note: Please check your address book regularly to ensure your email address is deleted from your Address Book. This will help reduce this problem.
To delete your email address from your Address Book:
1. Click the Contacts tab in the AOL Mail window.
2. In the Find Contacts box (next to Print button), type your email address.
3. Click the box next to your name, to place a check mark in it, and then click Delete.
Scan Your Computer For Virus and Spyware
Scanning your computer for viruses and spywares using AOL Virus Scan protection and AOL McAfee Internet Security Suite may solve the issue. Please ensure that the AOL software is closed before you perform the steps below.
To scan for viruses:
1.On the Windows taskbar next to the clock, right click the McAfee ( M) icon, and then click Scan.
2. Under Options, click the Scan Now button.
The Options pane has different options and their descriptions are:
- Scan all files - Thoroughly scan all file types. Click the Scan all files box to clear it, if you wish to shorten the scanning time. This will ensure that only program files and documents get scanned.
- Scan for unknown viruses using heuristics - Scan for new, potential viruses. It uses advanced techniques that try to match files to the signatures of known viruses. You can also be assured of a thorough scan. However, it does take more time than a normal scan.
- Scan .zip and other archive files - Ensures that .zip and other compressed files are scanned. Sometimes virus authors plant viruses in a .zip file. This .zip file is in turn planted into another .zip file to bypass anti-virus scanners. Select this option to ensure that these viruses are not overlooked.
- Scan for spyware and potentially unwanted programs - The software detects spyware, adware, dialers, and other potentially unwanted application. By default, this option is enabled for maximum protection.
- Scan for rootkits and other stealth programs - Rootkits are programs that alter existing Microsoft Windows system files to escape detection. They can include spyware and other stealth programs that might create additional security or privacy to your computer data and McAfee information.
3. When the scan is complete, a pop-up window will display the details of the scan. To see the scan results of any suspicious files, click View Results.
Note: If the View Results window does not show up, then the computer is virus free.
4. Click the Finish button.
How do I find out the true return email address of a sender in an email scam?
It is possible to discover the real email address of a sender of mass emails and email scams. The following information will help you to identify and report annoying mass emails and scams coming to your inbox. To do this:
1. Open the email.
2. In or near the header of the email (the section containing To, From, and Subject information) you will see Details, Show Details, Full Headers or similar wording depending on your email provider. Please click on that link.
3. Detailed information about the where the email originated will appear. The information provided will include the senders Originating IP address, Return Path, Authentication Results and, most importantly, you will see the real return address, which can usually be found under Reply To or Mailed By.
Once you have identified the sender of the offending mass email or scam, you should report the incident. For information, please read our online help article Manage spam and privacy in AOL Mail.