You’ve Got Mail — But it Might be a ‘Spoof’

As Internet users everywhere are on heightened alert following the discovery of the password-compromising Heartbleed bug earlier this month, it appears as though some web surfers just can’t catch a break. This weekend, news of a potential AOL Mail breach came to light, with users airing their frustrations on Twitter using the hashtag #AOLhacked. It turns out, however, that the AOL system was not hacked, but rather spammers have been sending “spoof” messages appearing to originate from AOL Mail accounts.

What, exactly, is spoofing?

Spoofing is when a spammer sends out emails that have your address in the “From:” field, making it appear as though the message comes from you. Here’s the clincher, though—according to AOL, these emails do not actually originate from AOL Mail user accounts and do not have any contact with the AOL Mail servers.

This differs from a breach or a more traditional email account hack in that the spammers are not actually logging into AOL user accounts to craft and distribute malicious messages. In reality, it is the spammer’s email address and servers that are being used to send the message, though they’ve made it appear as though the messages are originating from a legitimate sender, in this case AOL.

Unfortunately, this means that even if AOL users change their account passwords, these “spoof” messages can continue to be sent, as their address book contacts have likely been recorded.

How did spammers get access to AOL Mail address books in the first place?

This much is presently unclear. Though spammers are not logging into the compromised AOL user accounts, they are sending “spoof” messages to these users’ real address book contacts. Based on this, it appears as though these spammers were able to gain access to AOL accounts at some point in time. AOL has yet to offer an explanation on how spammers obtained a list of AOL Mail user names and the address book contacts associated with each account.

How can you tell if you’re being spoofed?

If you receive any “mailer daemon” error messages (returned messages in your inbox due to a non-existent contact, old email address, etc.) that do not coincide with emails you sent yourself, you may have been spoofed. Additionally, if you receive email replies from address book contacts that you did not originally email, you may be spoofed.

Spoofed users will not see any of these messages in their Sent Mail folder; finding messages there that you did not send is generally an indicator that an account has been hacked. Again, this is because cybercriminals do not actually use your AOL account to send these spoof messages; they simply take advantage of your email address and contacts while using their own servers.

How can you stop a spoofing attack?

Luckily, AOL has taken measures to help users avoid “spoofing” their contacts with unwanted, spammy messages. On April 22, they updated their DMARC policy to tell DMARC-compliant email providers such as Gmail, Yahoo! Mail, Outlook and others (including AOL Mail itself) to reject email from AOL addresses that are sent from non-AOL servers. This will help protect AOL Mail users’ email addresses from further unauthorized abuse. Additionally, AOL has recommended that all victims change their AOL Mail passwords to prevent future unwanted account access.
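To show how a receiving mail server applies a policy like this, here is an added example (not code from AOL or McAfee) that reads a message's "From:" domain and its Authentication-Results header and decides what the DMARC record says to do. The domains, the record and both messages are constructed placeholders, and the organizational-domain check is simplified to the last two labels of the domain.

```python
import re
from email import message_from_string
from email.utils import parseaddr

def parse_dmarc(txt):
    """Parse a DMARC TXT record into a tag dict; None if it is not usable."""
    tags = {}
    for part in txt.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    return tags if tags.get("v") == "DMARC1" and "p" in tags else None

def org_domain(domain):
    # Simplification: last two labels. Real receivers use the Public Suffix List.
    return ".".join(domain.lower().rstrip(".").split(".")[-2:])

def aligned(from_domain, auth_domain, strict):
    if strict:
        return from_domain.lower() == auth_domain.lower()
    return org_domain(from_domain) == org_domain(auth_domain)

def dmarc_disposition(raw_message, dmarc_txt):
    """Return 'pass', or the policy (none/quarantine/reject) to apply on failure."""
    msg = message_from_string(raw_message)
    from_domain = parseaddr(msg["From"])[1].rpartition("@")[2]
    policy = parse_dmarc(dmarc_txt)
    if policy is None:
        return "no-policy"
    # Only trust an Authentication-Results header added by your own mail server.
    results = msg.get("Authentication-Results", "")
    spf = re.search(r"spf=pass\b[^;]*?smtp\.mailfrom=(?:[^\s;@]*@)?([^\s;]+)", results)
    dkim = re.search(r"dkim=pass\b[^;]*?header\.d=([^\s;]+)", results)
    spf_ok = spf and aligned(from_domain, spf.group(1), policy.get("aspf") == "s")
    dkim_ok = dkim and aligned(from_domain, dkim.group(1), policy.get("adkim") == "s")
    return "pass" if (spf_ok or dkim_ok) else policy["p"]

# Constructed samples: placeholder domains, not real AOL records or messages.
RECORD = "v=DMARC1; p=reject; rua=mailto:dmarc-reports@mail-provider.example"
SPOOFED = (
    "From: Friend <friend@mail-provider.example>\n"
    "Authentication-Results: mx.receiver.example;\n"
    " spf=pass smtp.mailfrom=bounce@bulk-sender.example; dkim=none\n"
)
LEGIT = (
    "From: Friend <friend@mail-provider.example>\n"
    "Authentication-Results: mx.receiver.example; spf=pass\n"
    " smtp.mailfrom=friend@mail-provider.example; dkim=pass header.d=mail-provider.example\n"
)
```

The spoofed sample passes SPF for the sender's own domain, but that domain does not match the one in "From:", so the message fails DMARC and the record's `p=reject` applies.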

How can you protect your accounts and computers from getting spoofed or falling victim to “spoof” messages?

  • Strengthen your passwords. Your password is the baseline defense against cybercriminal activity. In order to best protect against hackers, use a combination of upper and lower case letters, numbers, and special characters. You should also refrain from using the same password across multiple accounts. With World Password Day coming up on May 7, this is a good time to make sure you have a strong password.
  • Change your passwords multiple times a year. As easy as it is to set it and forget it, it’s extremely important to refresh your passwords on a regular basis—ideally every 3-6 months.
  • Think twice before clicking any links. Be wary of clicking on links sent to you over email, text message or social media sites—especially if they’re coupled with a spammy looking message. In “social attacks,” cybercriminals rely on your inherent instinct to trust the information shared by your network of friends. The sharing of malicious links via email, text and social media is one of the primary methods that cybercriminals use for installing malware on your device.
  • Install comprehensive security software on all of your devices. The best thing you can do to protect yourself against social attacks is install comprehensive security software. McAfee® SiteAdvisor®, which comes with McAfee LiveSafe™ service, provides color-coded ratings on the safety of your browser’s search results and external links found in your Facebook, Google+ and LinkedIn streams when viewing from your PC or Mac. As well, when used on a mobile device, PC, or Mac, McAfee SiteAdvisor also provides a warning message after you click, but before taking you to a site, if the link appears harmful.


 Gary Davis
