You’ve Got Spam: AOL Data Breach Tied to Wave of Phishing

May 5, 2014 | By Kevin Judge

spam

The company that made the phrase “You’ve got mail” famous is now saying that if “you’ve got AOL mail” you better change your password and be on the lookout for trouble.. A flood of spam email from hackers that spoof AOL email account addresses has been tied to a data breach at AOL. The spam is potentially very dangerous because they are being sent by hackers with malicious intent, so called phishing.

According to AOL, the hackers accessed gained access to e-mail addresses, encrypted passwords, security question answers, and other contact information such as postal mailing addresses. AOL. Although AOL says only 2% of their accounts are known to be affected so far, they recommend all AOL users change their account password. 2% may not sound like much, but with 120 million email accounts we are still talking millions of users.

If your account is being spoofed, you won’t see the messages in your sent box. However, you may start seeing returned mail messages that you never sent! There have been reports of spam coming as email accounts that have long been closed or abandoned.

Security Analyst Andrew Conway has been reporting on his issue on his blog. He has tied the spam to a hacker group known as “the Com Spammers”, so named because the “call to action” links in the emails redirect to disposable domain names in the format “com-xxxx.net” where the “xxxx” varies. If you find yourself at such a domain, exist ASAP!

The Com Spammers specialize in consumer fraud where the products are either a complete scam or the consumer thinks they are ordering once and instead they are charged monthly, and it is hard to get the charges reversed. Beware of any emails about diet pills, wrinkle cream or “work at home” offers.

Be Sociable, Share!

    Add new comment

    Your name
    Comment

    You may use these HTML tags and attributes: <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>