A flood of emails seemingly from AOL addresses has hit inboxes around the world, as the company locks down its email service and investigates whether customer accounts have been hacked.
The Register reports that the spam, which is diet-themed, seems to originate from an intensive “spoofing” attack. The site joked that the flood of email from AOL may have made some users feel they had “fallen into a time rift, and it’s the Nineties.”
AOL has posted a page to help consumers, and explains, “"spoofing is when a spammer sends out emails using your email address in the From: field. The idea is to make it seem like the message is from you – in order to trick people into opening it."
PC Mag reports that the company said: "These emails do not originate from AOL and do not have any contact with the AOL Mail system – their addresses are just edited to make them appear that way. The message actually originates from the spammer's email account and is sent from the spammer's email server."
PC World advises that the easiest way to tell if you’ve been affected by the AOL diet spam is to look for “bounce backs” from emails you did not send, but instead were sent by the “spoofed” address.
It’s still unclear if any AOL accounts actually have been hacked. USA Today reports that some users reported via Twitter that their accounts had been hacked.
In a blog post, AOL said, "Today we moved to change our DMARC policy to p=reject. This helps to protect AOL Mail users' addresses from unauthorized use. It also stops delivery on what previously would have been considered authorized mail sent on behalf of AOL Mail users via non-AOL servers. If you're a bulk sender on behalf of AOL addresses, that probably includes mail sent from you."
"AOL takes the safety and security of consumers very seriously, and we are actively addressing consumer complaints. We are working to resolve the issue of account spoofing to keep users and their respective accounts running smoothly and securely."