AOL Phishing Email

Hi, Here is an email that looks like it came from the AOL member services department, but notice some of the wording. I doubt very much that AOL would "Demand that you take 3 minutes out of your online experience and renew your records." Also notice the grammar, especially in the last paragraph. Obviously somebody trying to get some personal information out of me. I am posting just to warn other people.

AOL Member Services

Dear AOL Account Holder,
During our regularly scheduled account maintenance and verification procedures, we were unable to verify your account information. This might be due to either one of the following reasons:

1. A recent change in your personal information (ie change of address).
2. Submitting invalid information during the initial enrollment process.
3. An inability to accurately verify your account information due to an internal error within our processors.

We demand that you take 3 minutes out of your online experience and renew your records to avoid running into any future problems with the online service.

However, failure to update your records will result in your account suspension. Once you have updated your account records your internet service will not be interrupted and will continue as normal.
We encourage you to connect to your account and confirm your information, by clicking the secured url below :
http://www.aol.com/_cqr/login/index.php ... 93745&us=1
*Important*
We have asked few additional information which is going to be the part of secure login process. So, please provide all these info completely and correctly otherwise due to security reasons we may have to close your account temporarily.

Thank you for your patience.
Sincerely, AOL Customer Service
© 2008 America Online, Inc. All Rights Reserved.

I don't know if you can get ip addresses from aol mail, but here is the information from the "view message source"

X-AOL-UID: 3370.1010847153
X-AOL-DATE: Wed, 10 Dec 2008 8:49:51 PM Eastern Standard Time
Return-Path: <[email protected]>
Received: from rly-da02.mx.aol.com (rly-da02.mail.aol.com [172.19.129.76]) by air-da09.mail.aol.com (v121_r4.4) with ESMTP id MAILINDA091-a54494071bd280; Wed, 10 Dec 2008 20:49:51 -0500
Received: from omr14.networksolutionsemail.com (omr14.networksolutionsemail.com [205.178.146.64]) by rly-da02.mx.aol.com (v121_r4.4) with ESMTP id MAILRELAYINDA024-a54494071bd280; Wed, 10 Dec 2008 20:49:49 -0500
Received: from vux.bos.netsolhost.com ([10.49.38.131])
by omr14.networksolutionsemail.com (8.13.6/8.13.6) with ESMTP id mBB1nnns009933
for <[email protected]>; Wed, 10 Dec 2008 20:49:49 -0500
Received: from vux4.mgt.hosting.dc2.netsol.com (smmsp@localhost [127.0.0.1])
by vux.bos.netsolhost.com (8.13.7/8.13.7) with ESMTP id mBB1jvul006485
for <[email protected]>; Wed, 10 Dec 2008 20:49:49 -0500
Received: (from 1714800.1850704@localhost)
by vux4.mgt.hosting.dc2.netsol.com (8.13.7/8.13.7/Submit) id mBB1iSFA004800;
Wed, 10 Dec 2008 20:44:28 -0500
Date: Wed, 10 Dec 2008 20:44:28 -0500
Message-Id: <[email protected]>
To: [email protected]
Subject: Your AOL access will be blocked. Please resubmit your billing records
MIME-Version: 1.0
Content-type: text/html; charset=iso-8859-1
From: [email protected]
Content-Transfer-Encoding: quoted-printable
X-MIME-Autoconverted: from 8bit to quoted-printable by omr14.networksolutionsemail.com id mBB1nnns009933
X-AOL-IP: 205.178.146.64
X-Mailer: Unknown (No Version)

Hi Harvest, thanks for posting,

The information you have supplied may prevent some scams so well done.

Your question about IP addresses and forgive me if you already know some of this, what you had posted was a header, these are an important piece of information that can tell us lots of things, the header posted above leads me to the US, which may mean you have inadvertantly given me your or a friends header


If that is the case, ensure you have the original email from the scammer and again get the header, make sure it has not been forwarded otherwise we will get the IP of the person who has forwarded it to you.

Now, once you have the header, open this site http://headertool.apelord.com/headers
Paste the header in there and click check headers, the location will usually be the bottom location on the list that comes up.

If you have any trouble, next time you are at the 419eater take a look at the Romance baiting sticky which has a variety of information but also a section on headers or of course you can ask here as well.

I doubt very much that AOL would "Demand that you take 3 minutes out of your online experience

I've even seen that phrase in bank phishing emails. Which is even more unlikely.

Thanks Ralph. That is the header that I came up in AOL when I clicked on the "view email source" or something like that. I checked the IP's in that header and also came up with the US. I am not sure if you can get the IP address when using AOL mail. I don't use that account very often.

using this link http://spamcop.net/fom-serve/cache/19.html I was able to find a link to finding header with AOL, unfortunately there was no information there.

I have done a google search on "AOL show header" without the quote and found this site http://email.about.com/od/aoltips/qt/et071206.htm according to that site, the instructions are below

View all Internet Headers in AOL
To see all internet header lines of an email in AOL:

Open the desired email message.
Make sure it reads Sent from the Internet near the top.
Click Details next to that phrase

As I dont use AOL myself I cant check it out so please let me know if it works

Hi Ralph, Unfortunately I deleted the email, so I couldn't go back and check the header. But I did try to check for the headers on some other pieces and mail and couldn't find any place where it said "sent from internet". It might be because I am just check aol mail via the internet and not actually using the aol program. Thanks for checking anyway.

Chipping in here.

As well as the wording in the message, which both HarvestMoon and Mr Tambourine Man picked up on, no reputable organization, like your bank, PayPal or AOL would send an email addressed to "Dear Account Holder" and ask you go online to enter your details.

Like most people, every now and again I get a spam email pretending to be from my bank telling me that there's a problem with my on-line banking or credit card and, even though I've been involved in these things for a while, if the email is a plausible one my first instinctive reaction is sometimes "Oh, there's a problem with my bank account". It only lasts for a fraction of a second before logic reasserts itself and my thinking brain says "It's another scam email".

These scammers are very clever and they rely on that instinctive reaction we all have to protect our accounts and do what our bank asks to make ourselves safe on-line and able to access our money..

If you have an account your bank (or whoever) know who you are and they will write to you using your name - so a generic like "Dear Account Holder" is a good indication that the email is a scam.

If you are unsure, go to the website of the organization you belong to and from whom the email says it comes (do NOT click on the link in any emails - they could take you to a fake website). Type the web address of the organization you belong to into the address bar of your browser (the web address will usually be on a bill or a letter from them) and contact them telling them about the communication you have had and ask them if there is a problem. Or call them (again, make sure you use the real number).

http://www.aol.com/_cqr/login/index.php ... 93745&us=1 has been "taken care of".


link removed - julia