I recently had a client forward an email to me. The email told her she had to confirm her agreement to the AOL Terms of Service, or she could no longer use her email account. She was concerned that her email would get cut off. She had nothing to worry about.

The email she got was a typical phishing email. That means it was just trying to trick her into clicking through and giving out her email password, which would give the scammer control over her email account.

I wanted to show you this actual email, and how it was identifiable as a scam.

The email she received supposedly came from AOL. But look at the “From” address:

If an email comes from the actual AOL, the email address will end with “@aol.com”. This one ends with “prodigy.net.mx” which indicates that the sender is not only NOT with AOL, he’s also somewhere in Mexico, using the ancient Prodigy email service.

The second big giveaway are the links in the email. In the screenshot below, you can see that there are 6 links:

Guess what – every one of those links goes to the same place. They don’t care which one you click on, they just want you to click.

That’s the one mistake my client made – she clicked on the link to see where it took her. You should never click on ANY link if you are not sure of where that link goes. Which brings up the question that I get sometimes: “Well how can I know where a link goes if I don’t click on it??”. Great question.

You RIGHT-click on the link, then choose “Copy hyperlink” or something similar.

Then, you open NotePad on your computer. In the blank area, do a right click and choose “Paste”. That will display the actual website address where that link would have taken you to. In this case, this was the link’s destination:

Hmmm…doesn’t really look like an AOL website address, does it? It’s not.

What the scammer did is create a fake form in Excel, and just uploaded it to his OneDrive account. This scammer is really lazy. But guess what – he doesn’t really HAVE to put a lot of effort into concealing the fake nature of this, because people still fall for it. This is what the fake form looked like (anyone can create these, for free):

You can see it’s pretty basic. When you fill out this form with your email address and password, now he has your login information.

And the irony is right there at the bottom of the form – Microsoft (who owns OneDrive) knows that their forms are often used for this scam, so they put the warning on every one – “Never give out your password.” Not to mention grammatical errors that are a common clue. But some people still type in their password because they just assume it’s real.

Fortunately, my client did not enter her password. Instead, she became suspicious and forwarded the email to me so I could check it out. You are welcome to do the same thing, if you get one you’re not sure about – just forward it to me at [email protected].