Do you want to make a lot of money quick? Set up a phishing site (most of them can be made overnight with easy-to-use, affordable tools) then just send AOLers email asking them to “visit AOL” to update their accounts. That’s all. You’ll probably be rich in a week.
That’s right, I’m suggesting you steal. AOL won’t stop you just because I’m pointing out how easy it is to do. AOL ignores most phishing on their email servers even when Marcus of Singing Fish complains about it (as I mentioned in AOL Now the Largest Free Proxy Site in the World), even when other bloggers bring it up, even when Big Media is all over it in droves. Wanna steal from them? Go for it. I’ll even show you how it’s done.
By the way, the title of this post is inaccurate. That reader didn’t write to me saying he was being phished at all. That’s what scares me.
AOLers are so uneducated about the Web that the ways to take advantage of their ignorance are almost endless. Kenneth wrote to me today:
Why did I get the notice below, what needs to be updated in my account?
First of all, if you see enough of these things, you learn all the little warning signs. The punctuation in the opening line is misplaced. The grammar is stilted, more like a foreigner wrote the email than a member of the AOL Billing Department. The email makes implausible claims, which might or might not take a sharp eye to catch. For instance:
“Once you have updated your account records, your AOL session will not be interrupted and will continue as normal.”
AOL will never “interrupt your session” to make you update your account. If they send you an email about it, it won’t look like that one.
If those aren’t enough clues for you, there are more. You can hover your mouse over the link in the email (like I did) and see clearly that the link goes to pageantgirl.com, not aol.com.
If that isn’t enough to convince you, you can right-click the link and copy and paste it into Notepad or Wordpad to get a clear idea of how hard some people will work just to screw you over.
If that isn’t enough proof, check the “Source” of the email, which proves that what you’ve got on your hands isn’t a polite warning from AOL, but cleverly disguised bait from someone out to steal everything you own.
AOLers don’t know to check for the warning signs of being phished, because AOLers don’t even know what phishing is. They don’t know that there are people out there who spend their lives devising cruel, sneaky ways to steal their money and their lives just by getting them to click on a link in an email.
Why not? Because AOL never told them, that’s why not. AOL doesn’t care what happens to you or your damn email or your entire life. Just pay the bill and don’t ask too many questions…all their call centers are in India or the Caribbean, anyway, so those guys won’t have the answers.
The site is hosted on the first link in this post, which explains to their customers just how easy it is to phish anyone with their tools.
Not bad for a fake, huh? What do you guys over at AOL think?