AOL Member Directory Profiles - Password Phishing Alert
[Update 8/31: A number of profiles that have been compromised are now carrying a "dating site," which users have not inserted on their profile. Pictured below is what one of these might look like:]
This is a profile that was compromised by a spammer. Read more below to learn how to fix it.
We're aware of a number of Member Directory profiles that appear to be compromised. These compromised profiles are being used by spammers; more importantly, some accounts are being used by "password phishers" to direct people to a fake AOL Web site (in this case, a fake AOL Pictures Web site), in an attempt to steal your account password. Here is how you can spot the fakes, as well as what we're doing about it.
The compromised profiles have an "AOL Pictures" image and a link to a fake AOL Pictures Web site. The fake links are in the "About Me" tab of the profiles, whereas the real embedded AOL Pictures galleries are in the "Pictures" tab. Here's what they look like:
Example of phished (top) and legitimate (bottom) AOL Member Directory Profiles.
The link takes the user to a page that looks very much like an AOL sign-in page, then redirects them to the legitimate AOL Pictures site after it gets your password.
Keep in mind, while this particular password stealing attempt uses a fake AOL Pictures site, there are also variations. The best way to ensure that you're going to a legitimate AOL Web site is to look at the full Web address in the link, and in your Web browser's address bar when you get to the site. If you have any doubts as to whether you're at a legitimate AOL site or not, don't enter your login information.
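The address check described above, as an added example that is not part of the original post: it parses a link and accepts it only when the host is aol.com or a subdomain of it. Treating aol.com as the only trusted domain is an assumption of this example, and every sample link except https://bill.aol.com is constructed.

```python
from typing import Optional
from urllib.parse import urlsplit

# Assumption of this example: the only domain treated as legitimate.
TRUSTED_DOMAINS = ("aol.com",)


def link_host(url: str) -> Optional[str]:
    """Return the lowercase host of an http(s) link, or None if unusable."""
    url = url.strip()
    # Backslashes and control characters are parsed differently by different
    # software, so treat any link containing them as untrustworthy.
    if any(ch == "\\" or ord(ch) < 0x20 for ch in url):
        return None
    try:
        parts = urlsplit(url)
        host = parts.hostname  # drops any "user@" prefix and the port
    except ValueError:
        return None
    if parts.scheme not in ("http", "https") or not host:
        return None
    return host.rstrip(".").lower()


def is_trusted_link(url: str) -> bool:
    """True only if the host is a trusted domain or a subdomain of one."""
    host = link_host(url)
    if host is None:
        return False
    # Match on a label boundary: "bill.aol.com" passes, "notaol.com" and
    # "aol.com.example" do not.
    return any(host == d or host.endswith("." + d) for d in TRUSTED_DOMAINS)


# Constructed sample links (only https://bill.aol.com appears in the post).
SAMPLES = [
    "https://bill.aol.com",
    "http://aol.com.signin.example/pictures",   # trusted name used as a prefix
    "http://bill.aol.com@203.0.113.5/",         # trusted name in the user part
    "http://aol-pictures.example/login",        # look-alike name
    "http://photos.example/go?u=https://bill.aol.com",  # trusted name in query
]


def check_samples():
    """Return (url, verdict) pairs for the constructed samples."""
    return [(url, is_trusted_link(url)) for url in SAMPLES]
```

Only the first sample passes; the other four each contain the trusted name somewhere other than the end of the host, which is why the full address has to be read rather than skimmed.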
If you think your account may have been compromised (that is, if you think you've given your password to a fake site), I strongly recommend that you go to AOL Keyword: Billing (or https://bill.aol.com) and:
* Change your passwords
* Update your Account Security Question (ASQ)
* Look at the screen names on your account and delete any unauthorized names from your account.
* Perform a virus scan on your computer. A lot of phishing sites will attempt to deliver a virus or password stealer on your computer. If you don't have updated anti-virus software, AOL provides McAfee VirusScan Plus for free.
Once your account is secured, if your profile was compromised, you'll probably want to reset your profile. It's easy to do:
- Click Edit My Profile located on the top of your profile.
- Click Settings, located on the left side.
- Click Reset Profile.
To upload pictures to your profile, click the Pictures link on the left side, then click "Add Pictures." When you upload your pictures, they will be available on the Pictures tab on the top.
Safety is a very important topic for us, and covers many areas such as your Instant Messaging, as well as products such as AOL Member Directory Profiles. We are currently taking steps to identify potentially compromised accounts and block spam sites.
If you see a profile that you suspect is a spam profile or part of a password stealing scam, you can report it by clicking the "Notify AOL" link in the left column.
Reader Comments (Page 1 of 1)
1. I have used online McAfee, and AOL McAfee, flashpicsfix, Stinger, and nothing shows any virus on my end. The profile gets hijacked WHILE I'm online and I've changed my password.
Hundreds of others have this. It's clear that this is a problem with AOL's security. Since this profile is unique to AOL and AOL provides a custom version of McAfee, it seems that AOL and McAfee should find a cure for this thing.
It's unfortunate that AOL is not doing much to fix their security breach.
Posted at 2:36AM on Sep 3rd 2007 by Rick Grossman
2. Rick -- you're right, the team is working on a security patch; I will blog more when I know more. Thanks -- Joe (posted & mailed)
Posted at 1:14PM on Sep 4th 2007 by Joe Loong
3. I have been having a problem accessing my AOL profile. Anytime that I try to access my profile it goes directly to an AIM page and my member profile is gone!! Can someone please explain?
Posted at 3:31AM on Sep 17th 2007 by kanisha