AOL alerted customers in April that emails reporting an "AOL Billing Problem" or titled "AOL Rewards," for example, were tricking recipients into visiting a non-AOL Web site.
Once at the Web site, users were asked to enter their usernames and passwords to receive special offers. The AOL users' accounts were then accessed by the unauthorized parties and used to send spam or commit other fraud, the company said.
Although AOL says it posted warning notices about the spam on several areas of its service, some if its 18 million subscribers continue to be duped.
The Spam Recycling Center, which forwards suspicious spam to the Federal Trade Commission, issued its own alert about the scam today after it received more than 1,300 submissions of the message targeting AOL users during the past few weeks.
"What surprised us was both the number of spams sent to us by AOL users and the spoofed AOL Web sites--at first blush, they are pretty good," said Anthony Phipps, of ChooseYourMail, an "opt in" email marketing firm that set up the Spam Recycling Center.
Unsolicited bulk email is one of the most detested--yet hard to combat--problems plaguing the Net. It clogs Net users' email boxes and service providers' networks. For the past few years, Congress has considered, but never passed, legislation to ban spam, or to require that senders label their messages and remove people from their mailing lists upon request.
AOL, which has won groundbreaking lawsuits against spammers who trespassed on its network, has no idea how many users have unwittingly given up their account pass codes as a result of the scam. Although the company always is in the process of educating its customers about junk email offers, spam still continues to hit AOL's proprietary service as well as its instant messaging service.
"We have told them to beware of emails with hyperlinks, and that AOL will never ask them for a username, password, or billing information via email or instant messaging," AOL spokesman Rich D'Amato said. "It is all part of our ongoing efforts to do away with spam."
AOL works with other Net access providers to combat spammers. In addition, when AOL notices that an account is sending email out to scores of recipients, which it suspects is spam, it will shut the account down.
That protocol is how Gregory Walter, a construction manager in South Holland, Illinois, discovered that his account had been hijacked by spammers.
Walter tried to log on to his AOL account about two weeks ago but was locked out. When he called AOL, he was told that his account was disabled because it was used to send spam. This was just two days after Walter had responded to one of the emails offering a free month of AOL.
"Whoever stole my password sent out about 7,000 emails one evening," Walter said.
Although the spammers' Web sites have been taken down, the Spam Recycling Center is advising AOL users to not respond to emails with the subjects "AOL giving FREE INTERNET ACCESS!" and "AOL Christmas Special."
The email Walter and others responded to stated: "AOL apologizes for this inconvenience, and we do assure better and faster service for each and everyone [sic] of our members. As a result of this, the staff at AOL is proud to announce that during our short update on your account, members who submit their information promptly will receive one month [of] FREE Internet Access!"
To play it safe, users should never respond to unsolicited bulk email or give out their passwords, according to AOL and the Spam Recycling Center.
"That should cause a red flag," AOL's D'Amato said.