Team AOL has created a free service that automatically scans every email attachment you send or receive for viruses, worms and Trojan horses. We scan all email no matter what version of AOL software or computer you're using. Despite this email scanning, someone using your computer could still accidentally infect it with a virus.
At this time, a virus cannot infect your computer when you simply read an email or instant message. If an infected file is attached to an email message, you must download and run the attached file on your computer for a virus to infect it. For an instant message to infect your computer, you must both accept the file transfer and then run the file. This is why it’s very important to be cautious of unsolicited files sent by someone you don’t know. The safest policy is to never download files sent to you by strangers.
Select an FAQ below to learn more about email scams and how to protect yourself.
What is Vishing?
The latest ploy to steal your credit card number and personal information is extremely believable and many are falling for it. Scammers are now calling you on the phone and tricking you into responding to an email that looks like it was sent from PayPal, eBay's online payment service.
The email warns you of a problem with your PayPal account. Users are asked to call a phone number, where an automated answering machine asks for account information, mimicking the legitimate ways that customers interact with financial institutions.
Security experts call this new scam "vishing" -- short for "voice phishing." Vishing may not always begin with an email, it may begin with a phone call as well. These calls are quite believable, because the caller already knows your credit card number. All you are asked to provide is the three-digit security code found at the back of the card.
A valuable lesson: If you get a phone call from someone asking you to provide or confirm any of your personal information, immediately hang up and call your financial institution. If there is a genuine issue, your financial institution will be able to assist you.
For more tips on how to keep your account secure, please visit the AOL Mail Security site.
Words of advice:
- Never give anyone your credit card number or the three-digit security code on the back of the card unless you initiate the call. (Calling in response to an email doesn't count as initiating the call.)
- Never click links in emails unless you know the sender and are sure the link is legitimate.
- Never give out your personal information to a stranger, either online or over the phone.
How can I spot an email phishing scam?
A phishing scam is a message that tries to trick you into providing private information.
Any email that tries to scare you into doing something is suspicious. These can look very official.
Here are some examples of phishing email scams:
- Example #1
- Example #2
- Example #3
No reputable service will provide links within an email to enter sensitive personal information -- it's simply too easy for bad guys to reproduce.
Phishing emails often use official-looking logos and layouts and sometimes link to very real-looking forms. The people behind these scams are looking for passwords, banking information, Social Security numbers, mother's maiden name, date of birth and more. They can use this to steal your identity and assets or open credit card accounts in your name.
Typically, phishing emails contain a link to click or a file to download. Don't click any links. Don't download any files!
When you think someone's trying to trick you, forward the email to us at this address: firstname.lastname@example.org
Email scams are tough to weed out. Nevertheless, almost all of them contain clues that will help you figure out that these are scam emails. You just have to know what to look for.
Top 5 clues to spot an email scam:
- Check the spelling
Scammers are notorious for their lack of basic spelling and grammar skills. Look out for misspelled words and incomplete or awkwardly written sentences in the email. An email that is supposedly from a reputable and well-known organization will not misspell the name of the organization. For example, one email scam aimed at Facebook users spelled the name of the site with a lowercase F ("facebook").
- Check who signed it
An email from a legitimate business will always be signed with a person's name and contact information. If an email signs off with something vague, such as "Customer Support”, be wary.
- DOES THE EMAIL SCREAM AT YOU IN ALL CAPS or have lots of !!!!!! at the end?
Beware of emails that try to get your attention by using all capital letters, especially in the subject line, or that try to scare you with lots of exclamation marks. Using all caps has long been viewed as online shouting, which just isn't done in a professional setting. The authors of scam emails tend to write over-the-top and very emotional content. Also, keep an eye out for dire warnings, such as "Urgent!" or "Danger!"
- The email has an executable attachment
Never download an attachment unless you are sure it's legitimate. A favorite ploy of scammers is to send emails that look like someone you know sent it to you. Don't be fooled by the sender's name. Always verify that the attached file does not contain a virus. You can do this by running a scan or checking with the sender whether it is a legitimate email.
- The email has a link to a website
As more people now know that they shouldn't download attachments from strangers, scammers have become smarter. Instead of attaching a file, they include a clickable link to a website where you might be asked to provide personal information. For example, you might receive an email that appears to be from your bank offering you a very low interest rate on a mortgage or home equity loan. If you click on the link, it could ask your name, bank account number and online banking password to get onto the site. Don't ever provide this information if you have reached the site by clicking a link in an email.
One final word of advice: Never, ever respond to a spam email. By doing so, you confirm that your email account is active, and you'll likely be flooded with more spam.
Check out the other FAQs in this article if you feel that you have been sent phishing emails.
What do I do if I have entered my personal details on a phishing link or in a phishing email?
If you have replied to a phishing email with your billing or other personal information, your account may be compromised.
In the event that you are a victim of a phishing scam, please do the following:
- Notify your bank and/or credit union of the fraud.
- Change your institution password immediately. For tips on creating a secure password, refer to our online help article Account Management: Managing your AOL Password.
- Report the suspicious email to us by following the instructions given in our online help article Account Management: Identifying suspicious activity. (Click on the I receive spam emails from my own email address. What do I do? header and then on the Report the email as spam solution.)
- Scan your computer using antivirus software. Sometimes, when you click a phishing link, a virus or spyware may download onto your computer without your knowledge. To protect your computer from a virus/spyware attack, scan your computer using antivirus software. If you are using McAfee Internet Security Suite 2009 - Special edition from AOL, read our online help article Scan your computer using McAfee.
IMPORTANT: You will NEVER get an unsolicited email or link from AOL requesting you for your passwords and other personal information. Whenever AOL needs to contact you for official purposes, you will receive AOL Certified Mail.
For more information on phishing email scams, how to spot them, examples of email scams, and what you should do if you receive a suspicious looking email, please visit the AOL Mail Security site.
Note: If you do not have any antivirus software installed on your computer, follow the instructions given in our online help article Install McAfee Internet Security Suite - Special edition from AOL.
How will scammers try to get my information?
One of the most important things to do when using the internet is to keep your AOL password secure. If you reveal your password to anyone, you may be susceptible to unsavory characters posing as you in chat rooms, sending emails from your account and shopping online using your credit card. It is important to be conscious of the scams and tricks hackers use to gain your personal information.
Common scams you need to be aware of
- Online technical support consultant: This is someone posing as an AOL consultant and claiming to help with problems relating to passwords, line noise, hackers or other technical issues. What they really want is to find out your AOL password and other personal information. Remember, AOL Customer Support Team Representatives will NEVER ask you for your password. If you suspect someone is posing as an AOL consultant, do not give them any of your personal information (name, address, password, social security number, bank information, etc.). Immediately report the poser by sending the email, chat session or typed conversation to email@example.com.
- Hacker enforcer: Team AOL has employees who work to prevent hacking, and we will NEVER contact you via Instant Messenger or in a private chat room. If a hacker does contact you via Instant Messenger or private chat room, close the window and do not respond.
- Billing, Credit or Community Action Team department: We have a billing department, but would NEVER try to conduct these types of inquiries using Instant Messenger. AOL Customer Support Team representatives will NEVER ask you for your credit card number. If you are asked for your billing information via email or Instant Messenger, do not send any information. Report any suspicious billing emails or instant messages by forwarding the email or copying and pasting the instant message from the scammer to firstname.lastname@example.org.
- Trojan horse programs: Trojan horse programs arrive in your mailbox as email attachments disguised as software, screen savers, photos or some other offer for free products. If you mistakenly download one of these attachments, the Trojan horse program may contain a virus that will damage files on your computer, or it may capture your password and mail it back to the hacker's email address. If you receive a suspicious email with a file attachment, don’t download the file and never download files sent to you from people you don't know. If you accidentally download a Trojan horse program, use anti-virus software such as McAfee Internet Security Suite – Special edition from AOL, or save all of your files, erase all data from the hard disk and reinstall your operating system.
Chain emails and petitions
Both chain letters and petitions bring more emails to everyone's mailboxes and may inadvertently give your email address to people who will send you even more spam. Stay clear of:
- Chain letters asking you to forward a specific message to others promising health, wealth or good luck
- Petitions asking you to forward a message to demonstrate support for a cause
If you receive chain emails or petitions, delete them immediately. Also, check the spam controls in your email settings to adjust the email going to your inbox.
If you accidentally open a chain email or petition, keep your anti-virus software up to date and scan your computer regularly. If you don’t have anti-virus software on your computer, you may want to visit our AOL Internet Security Central page for more information.
Junk email, prizes and contests
Junk email is any unsolicited advertising, promotional material or other form of solicitation masquerading as a legitimate email message. In addition to being a nuisance, junk mail can carry dangerous Trojan horse programs that could result in hackers obtaining your password.
“Contest” scams try to trick you into providing your credit card or personal information in order to receive a prize you have allegedly won. Often the scammer will claim that they need your information to cover the shipping and handling costs for your prize. With this information, the scammer can make purchases with your credit card or even alter your credit information.
If you receive junk email or contest scams, do not respond and delete the emails immediately. Also, check the spam controls in your email settings to adjust the email going to your inbox.
If you accidentally respond to junk email or contest scams with your personal and credit card information, immediately contact your bank and credit card provider to inform them of the situation. Then run your anti-virus software on your computer to remove any Trojan horses that may have been downloaded to your computer. If you don’t have anti-virus software on your computer, you may want to visit our AOL Internet Security Central page for more information.
How do I know if I’ve received password or billing requests that claim to be from AOL?
Sometimes, you may receive scam emails that ask for your username, password or other personal information. Never provide your password or personal details in any email because AOL will NEVER ask you for your password or any billing information through an email. If you receive such emails, simply let us handle them by forwarding it to us at email@example.com.
You can find out if an email you received is an official email from AOL or a billing/confidence scam by looking at the email closely. Explained below are ways to identify such emails and what you can do to protect your account and personal information.
About Official AOL Mail
When AOL needs to contact you for an official reason, you will receive an Official AOL Mail. Official AOL Mail is designed to help you easily identify email that has been sent by AOL, and could prevent you from falling prey to any attempts at misusing your AOL account. Check out AOL Certified Mail to learn how to identify our messages.
Billing request email scam example
Below is an example of an email scam you may receive from someone trying to steal your billing information. This example demonstrates how the scammer attempts to scare you into giving them your information by threatening to close your account. Please report any email like this to AOL as soon as you receive it.
********** AOL WARNING**********
Good day AOL user, we have been notified at our financial department that you have not submitted the right credit card number, telephone number, and billing address with first and last name. Please reply with that information and we will be glad to enter it on the computer for you. If you wish not to reply we will be forced to cancel your account.
Please state the following in order:
- Current credit card company or bank
- Number of the card and expiry date
- Your name
- Address and state with zip and your home and phone number
- Number of bank or the back of your card phone number
- Social Security number
- Date of birth
- Mother's maiden name
Regards, Jon Robinson, Community Action Team, AOL Inc.
Sometimes, people may try to gain your confidence by posing as an AOL employee so that you provide your personal information to them. They may pretend to be an AOL Billing, Community Action Team (CAT) or Security representative. They may also send you a link to a website that looks like an official AOL website but will actually send your data to the wrong people. NEVER respond to anyone asking you for your personal information unless it is an Official AOL Mail.
Change your AOL password and account information
Your AOL password protects your AOL account from unauthorized access. Only people who know your password can sign in with your username; therefore, never reveal your password to anyone.
If you suspect any unauthorized access to your account or username, you should immediately: