Mind Chasers Inc.
Mind Chasers Inc.

Hackers hijack AOL and other email accounts

Review of how cloud based email accounts are being hacked and what you can do to prevent it

X-ray Engineering Services

Well, I just received another one of those AOL spam emails from someone who highjacked an AOL email address. Have you received one or more of these? For me, they're almost always the same: no subject, approximately 7 email addresses in the recipient list, and a single link for the email body. The link always leads to a bogus sales page disguised as something legitimate where they're selling something for ED, libido, or energy. Today, I received one from my local car dealer's AOL email address that has a link for African Mangos! Yes, African Mangos, the new miracle weight-loss supplement.

As you can see in the screen shot below, the page is nicely dressed up to look like a Fox News page with an URL that uses an fxnarticle.com domain. It appears that they ripped off all the Fox News graphics and decided to host them on their own page to try and fool users.

In case you're not following the scam, someone hacked into this person's email account and sent out an email to everyone in their address book. The AOL hacker hopes that I'll think my friend is sending me a recommendation and subsequently enter my credit card information on their order page so I can have my identity stolen and my credit card run up (yes, it's possible that they'll actually send me some mangoes, but I'm not willing to test this out)

As far as I know, this same scam has been going on with AOL email accounts for at least a few years. I'm sure other email service providers get hacked, but AOL is the one I see hacked, almost on a weekly basis.

But rather than just delete the email, let's dig a little deeper...

Let's start by doing a whois on fxnarticle.com (note, I'm dashing over the last name and email address):

Well, that's not surprising, our mango entrepreneur is located in Russia. For fun, Let's click the link to place an order to see where it takes us. Don't worry, I'm going to clear out all the cookies this guy is storing on my PC as soon as I'm finished writing this blog entry. How about that, I'm sent to another domain: buymangotrimultra.com, and you guessed it: the owner of this site is also Vlad in Russia. And yes, this site is indeed storing cookies in my browser, so it's time to clean my cache / history.

If you're like me, then you're wondering how did Vlad from Russia hack into this email account? From talking with people that have had their email address used in this scam, it appears that the AOL user was using a weak password, and the hacker simply guessed it, maybe with a brute force attack that took a long time. The lesson to be learned here is to always use a strong password.

Please let us know below if you have any further information on this particular scam.

Didn't find an answer to your question? Post your issue below or in our new FORUM, and we'll try our best to help you find a solution.

And please note that we update our site daily with new content related to our open source approach to network security and system design. If you would like to be notified about these changes, then please join our mailing list.

subscribe to mailing list:

Please help us improve this article by adding your comment or question:

your email address will be kept private
authenticate with a 3rd party for enhanced features, such as image upload
previous month
next month