People Connection Blog

AOL Member Directory Profiles - Password Phishing Alert

[Update 8/31: A number of compromised profiles are now carrying a "dating site," which the users did not insert on their profiles. Pictured below is what one of these might look like:]


This is a profile that was compromised by a spammer. Read more below to learn how to fix it.


We're aware of a number of Member Directory profiles that appear to be compromised. These compromised profiles are being used by spammers; more importantly, some accounts are being used by "password phishers" to direct people to a fake AOL Web site (in this case, a fake AOL Pictures Web site) in an attempt to steal their account passwords. Here is how you can spot the fakes, as well as what we're doing about it.

The compromised profiles have an "AOL Pictures" image and a link to a fake AOL Pictures Web site. The fake links are in the "About Me" tab of the profiles, whereas the real embedded AOL Pictures galleries are in the "Pictures" tab. Here's what they look like:

This is a picture comparing the fake AOL Pictures link and the legitimate AOL Pictures tab in a profile.
Example of phished (top) and legitimate (bottom) AOL Member Directory Profiles.

The link takes you to a page that looks very much like an AOL sign-in page, then redirects you to the legitimate AOL Pictures site after it gets your password.

Keep in mind that while this particular password-stealing attempt uses a fake AOL Pictures site, there are also variations. The best way to ensure that you're going to a legitimate AOL Web site is to look at the full Web address in the link, and in your Web browser's address bar when you get to the site. If you have any doubts as to whether you're at a legitimate AOL site or not, don't enter your login information.
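The address check described above can also be done mechanically, for example when reviewing links found in a profile. This is an added example, not AOL's code; it assumes aol.com is the only domain to trust, and the sample links are constructed with reserved example domains.

```python
from urllib.parse import urlsplit

# Assumption for this example: aol.com is the only domain treated as legitimate.
TRUSTED_DOMAINS = {"aol.com"}


def is_trusted_aol_link(url: str) -> bool:
    """Return True only if the link's real host is aol.com or a subdomain of it."""
    try:
        parts = urlsplit(url.strip())
        host = parts.hostname  # excludes any "user@" prefix and the port
    except ValueError:
        return False  # malformed address: treat as untrusted
    if parts.scheme not in ("http", "https") or not host:
        return False
    host = host.rstrip(".").lower()
    if not host.isascii():
        return False  # conservative: reject look-alike non-ASCII host names
    # The host must BE the trusted domain or END with ".<domain>".
    # Merely containing "aol.com" somewhere in the address proves nothing.
    return any(host == d or host.endswith("." + d) for d in TRUSTED_DOMAINS)


def suspicious_links(urls):
    """Return the links that should not be trusted with a password."""
    return [u for u in urls if not is_trusted_aol_link(u)]


# Constructed sample links (not taken from any real profile).
SAMPLE_LINKS = [
    "https://bill.aol.com",                        # real host is bill.aol.com
    "http://pictures.aol.com:80/galleries",        # port does not change the host
    "http://pictures.aol.com@login.example.net/",  # real host is login.example.net
    "http://pictures.aol.com.example/signin",      # real host ends in .example
    "http://pictures-aol.com.test/",               # hyphenated look-alike
    "pictures.aol.com/galleries",                  # no scheme, host cannot be confirmed
]

if __name__ == "__main__":
    for link in SAMPLE_LINKS:
        verdict = "ok" if is_trusted_aol_link(link) else "DO NOT SIGN IN"
        print(f"{verdict:15} {link}")
```
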

If you think your account may have been compromised (that is, if you think you've given your password to a fake site), I strongly recommend that you go to AOL Keyword: Billing (or https://bill.aol.com) and:

* Change your passwords
* Update your Account Security Question (ASQ)
* Look at the screen names on your account and delete any unauthorized names from your account.
* Perform a virus scan on your computer. A lot of phishing sites will attempt to deliver a virus or password stealer to your computer. If you don't have updated anti-virus software, AOL provides McAfee VirusScan Plus for free.

Once your account is secured, if your profile was compromised, you'll probably want to reset your profile. It's easy to do:
  1. Click Edit My Profile located on the top of your profile.
  2. Click Settings, located on the left side.
  3. Click Reset Profile.
Then you can edit your profile with whatever comes to your mind (and doesn't violate the guidelines).

To upload pictures to your profile, click the Pictures link on the left side, then click "Add Pictures." When you upload your pictures, they will be available on the Pictures tab on the top.

Safety is a very important topic for us, and covers many areas such as your Instant Messaging, as well as products such as AOL Member Directory Profiles. We are currently taking steps to identify potentially compromised accounts and block spam sites.

If you see a profile that you suspect is a spam profile or part of a password-stealing scam, you can report it by clicking the "Notify AOL" link in the left column.
