If you get a suspicious email from an AOL user, it’s probably best to delete it. The service has apparently been compromised and some accounts are sending out spammy messages.
But rather than compromising actual accounts, it appears the scammers are just spoofing them. As AOL explained in a help page, “spoofing is when a spammer sends out emails using your email address in the From: field. The idea is to make it seem like the message is from you – in order to trick people into opening it.”
“These emails do not originate from AOL and do not have any contact with the AOL Mail system – their addresses are just edited to make them appear that way,” the company said. “The message actually originates from the spammer’s email account and is sent from the spammer’s email server.”
The easiest way to tell if you’ve been affected is if your inbox is littered with message bounce backs from emails you never sent. Or perhaps a friend or two has been kind enough to alert you to the spam messages your account appears to be sending. To determine if you’ve been hacked versus spoofed, check you sent messages: if there are sent emails you didn’t send, it’s a hack. If there’s nothing there, it’s a spoof.
AOL is urging users to change their passwords and be on the lookout for sketchy emails so they don’t fall prey to phishing scams.
“AOL takes the safety and security of consumers very seriously, and we are actively addressing consumer complaints,” the company said in a statement. “We are working to resolve the issue of account spoofing to keep users and their respective accounts running smoothly and securely.Users can find the latest updates on our AOL Help site, and should contact us if they believe their account is being spoofed.”
It appears the problem has been going on for about a week. AOL’s @aolmailhelp Twitter account has been responding to complaints from users since at least April 15, most of which direct users to the help page.
UPDATE: AOL on Monday said it would change its email policies to avoid delivery of spoofed messages. “AOL Mail is immediately changing its policy to help mail providers reject email messages that are sent using forged AOL Mail addresses,” the company said. “By initiating this change, AOL Mail, along with other major email providers will reject these spoofed email messages, rather than deliver them to the recipient’s inboxes.” More details are on its blog.