AOL warns members to keep passwords under wraps

The Internet service provider is implementing new safeguards to curb email scams bent on prying account information out of its members.

Jim Hu Staff Writer, CNET News.com
Jim Hu
covers home broadband services and the Net's portal giants.
Jim Hu
3 min read
America Online is implementing new safeguards to curb email scams bent on prying account information out of its members.

The online giant has sent emails about a new feature, "Official AOL Mail." Emails sent to members by the company will be color-coded to distinguish themselves from malicious emails disguised as AOL alerts, representatives for the company said.

Official AOL emails will come with blue envelope icons in members' in-boxes. Once opened, the messages will have light blue borders behind the mail buttons in the messages and seals in the lower left-hand corners that say "Official AOL Mail."

"They're like watermarks and a way in which members know what they're receiving is from us," said Tricia Primrose, an AOL spokeswoman.

The move is an attempt to curb account "phishing," a practice employed by email scammers to trick members into divulging their passwords or credit card numbers.

Many times these emails come disguised as correspondence from AOL's billing department informing members that their passwords have expired. Duped people would enter their passwords into the emails and send them back to the scammer. This is one technique that account crackers have used to compromise accounts or steal credit card numbers.

Just this week, Wichita, Kan., police arrested two 15-year-olds for allegedly stealing credit card numbers from AOL members and then purchasing thousands of dollars of goods online. An officer involved in the case said the two teenagers allegedly sent phony emails signed with AOL chief executive Steve Case's name to members, asking them to go to a Web site to update their information. The site requested information such as credit card numbers.

"We served a couple of search warrants, and we did arrest two juveniles for alleged computer crimes," said Lt. Tom Spencer of the Wichita Police Department.

Wichita police were notified of the supposed scam by investigators in other states, where victims reported their credit cards had been compromised.

The teenagers have not been charged, Spencer said.

"Unfortunately, the incident with the teenagers is an example of the types of scams we see, and all the more reason why a product like Official AOL Mail will be an important resource for both the company and for our members," AOL's Primrose said about the arrests.

AOL has been targeted by account crackers and con artists with some success. Earlier this month, AOL confirmed that hackers illegally broke into 200 of its member accounts by sending company employees an email virus. The virus targeted employees authorized to review and edit account data, including credit card information and passwords. AOL did not say what kind of information was compromised by the attack.

Crackers have also managed to take over accounts by tricking customer service representatives into giving out confidential information. It is possible for a cracker to reset an account password by contacting AOL customer service and impersonating the account holder.

Primrose added that AOL correspondences will never ask for member passwords or account information. AOL also warns its members never to open attachments from strangers and never to divulge account information via email or in chat rooms.