You can make a difference in the Apple Support Community!

When you sign up with your Apple Account, you can provide valuable feedback to other community members by upvoting helpful replies and User Tips.

💡 Did you know?

⏺ If you can't accept iCloud Terms and Conditions... Learn more >

⏺ If you don't see your iCloud notes in the Notes app... Learn more >

Looks like no one’s replied in a while. To start the conversation again, simply ask a new question.

AOL Passwords hacked from iPhone

I have had my AOL account for close to 15 years (since it's inception really). I've had a few problems wiht my password being hacked over the years, but nothing like what I'm going through now. I rarely check my email through their website - I use my iPhone 4S.


It all started when I was going through my AOL spam folder on my iPhone looking for a legitimate email from my lawyer. When I moved that message, it opened the next message (truly spam) that contained a link (and possibly an attachment...I don't remember). I NEVER open junk email on my phone, I usually just delete it. Next thing I know, my AOL account is sending rogue emails to every address I've got stored in my phone. It all happened in a 6 hour span. I changed my password, and updated it on my phone and thought all was good. Then I received an email from a friend that looked legit so I opened it. As soon as I did it, I knew it was a mistake, so the cycle started again. I've change my password at least three times since the second time and have used a random combination of letters (mix of upper and lower case), numbers and symbols 12 characters long, so I know it's not easy to hack, I keep having this problem daily unless I remove the account from my phone - in which case, everything is fine...the problem only seems to be present when I set up my account on my phone.


It seems like there's a keylogger or virus on my iPhone 4s. I've updated my OS, I've updated my computer, I've backed up my iPhone...what else can I do? Should I replace my iPhone, or delete my AOL account permanently and change to gmail? HELP!! I'm at my wits end and my friends are tired of getting strange emails from me!

iPhone 4S, iOS 7.1

Posted on Apr 14, 2014 8:15 PM

Reply
122 replies

Jun 7, 2014 4:08 AM in response to Lawrence Finch

Lawrence


Quite right! The email actually came from an address with a Samoan domain name!


I found the thread you mentioned on the DMARC site and its good that this problem has been made aware to the technical community - hopefully there will be a fix?


I contacted AOL Email Help and got the bland "reset password" reply - useless!


Is there anything else I should do with this rogue email? Report it as spam?

Jun 7, 2014 6:15 AM in response to lost100

Just report it as spam. I don't think there's anything that DMARC can do about this, as there is nothing in the header to take action on. The domain probably has a valid SPF and/or DKIM signature. It would be helpful if email client apps were less helpful, and would display the entire FROM field instead of just the sender name; then you could see immediately that it wasn't from who you think it was from.


As I suspected from the start, DMARC does not solve the problem of spoofed email addresses; it just adds additional burden to site operators who legitimately resend email (such as mailing lists). There is too much money to be made using spoofing for the perps to give up easily; no matter what solution providers try there will always be a workaround discovered pretty quickly, just as there was for SPF and DKIM.


The best solution is to educate users and provide some helpful hints. Gmail, for example, adds a warning to any incoming email where there is conflicting information in the header. Why don't all ISPs do that?

Sep 17, 2014 11:27 AM in response to asuguy184

I have had a similar problem,but for me it weirder I changed my passed once and I had recently changed it again. Due to some one hacked my AOL account and changed the password and this was due to me using the iPhone 5 Mail app. And it was sending emails to old emails that don't work no more and I'm receiving emails from sites I don't go on no more. So I was wondering how would I stop this from happening,

Sep 17, 2014 1:56 PM in response to Jazzimus_Rider32

Jazzimus_Rider32 wrote:


do you know any free software that might help protect my emails from it happening again.

I guess you didn't really understand what you were told then. There is no software free or otherwise to protect your iPhone since there is no malware that can harm you iPhone in any way unless you jailbreak it. Your email password was found in some other manner. Either you responded to a phishing request or somebody broke into your AOL account on the server.

Sep 17, 2014 2:42 PM in response to Jazzimus_Rider32

Jazzimus_Rider32 wrote:


i did understand what he meant so i asked if he knew any free software to protect phishing for my email on PC ingernal

The only "software" that can protect you from phishing is called common sense. In order for phishing emails to get any information from you, you have to click on a link and give them information. If you get any emails asking for you to update a password or a credit card or similar sensitive information, do NOT click on any links in the email. Type a known good link into your browser and check your settings from there. Contact the business by phone or email (again, by using a known good email address) and ask them if they made such a request. And, if anyone sends you an email asking for bank account information so they can send you 9 million dollars, delete it. 😉

Sep 17, 2014 4:00 PM in response to Jazzimus_Rider32

An e-mail account is not something that can be protected by software running on your computer. Think of it this way... suppose you keep some money hidden in a lockbox in a shed in your back yard. Now, suppose that someone has found it and figured out how to open it. Will installing an alarm system in your house help? No, because the money isn't in the house, it's in the shed.


Your e-mail resides on an e-mail server (analogous to the shed). E-mail accounts are often hacked through attacks of varying kinds on the server, and that means your computer and your iPhone are not involved. To prevent these kinds of attacks, use a strong password (longer is better) on your e-mail account, and if your e-mail provider offers any additional security measures for logging in to your account, such as two-factor authentication, use it. Change your security question answers to something nonsensical. (For example, "What is your mother's maiden name?" "flapjack skyscrapers")


Another way that your e-mail can get hacked, as has been pointed out, is if you fall for a phishing scam. There is no software on Earth that can reliably protect you against phishing scams... you simply have to use your own "filters" by training yourself in skepticism and secure treatment of e-mails... notably, being cautious about clicking links in e-mail messages, and more so, cautious about providing sensitive information on the page that an e-mail link takes you to.

Dec 14, 2014 1:47 AM in response to thomas_r.

HI.


im having an issue with my aol account as well. i have been a long time member of aol over 10 years now. i got a message while signing

in my email saying there have been unusual activties on this account please change your password. So i continued but i couldnt remember

what email account i kept as my alternative email because i have only one other email and it kept telling me it was incorrect, and when i tried

putting my other information it was also wrong i dont know if it was changed or i just cant remember what it was, i tried everything!!! peolple have

been getting spam mail from me now.


i contacted AOL first by phone waited forever but no answer. then i emailed them and i got a response yet it was unhelful because i told them

exactly what i am telling you and their help was giving me a link to go and reset my password !!! lol how is that helpful when im explainimg to them

i tried that and it wasnt working due to the fact that i cant remember the answers or it has been changed. Anyway i sent a longer email and never got a response back!


i asked a tech guy to help but he couldnt find a solution. i would be very happy if i can just get back into my email but if that is not possible

i just want to deleted my account permanently with all my contacts and emails deleted i dont mind at this point. because its really frustrating. Is that an option in my situation?


please someone help me 😟

Dec 14, 2014 4:59 AM in response to Aysha84

This is an AOL issue, and not something we can help with. If you cannot log on to your account to change the password normally, and you cannot reset the password because you don't have all the required information, only AOL can help you.


Unfortunately, it's possible that they won't be able to help you, for security reasons. After all, think about it from their point of view... if you don't know key information about the account, how do they know you're actually the owner of the account? If you are able to talk one of their techs into resetting the password for you without providing adequate identifying information - and I'm talking about information that couldn't be obtained by someone stalking you online, from your Facebook page or public records or the like - then that represents a very serious security problem, and you should move away from AOL and to a more secure e-mail provider as quickly as possible.

Dec 14, 2014 5:09 AM in response to Aysha84

Aysha84 wrote:


exactly what i am telling you and their help was giving me a link to go and reset my password !!! lol how is that helpful when im explainimg to them

i tried that and it wasnt working due to the fact that i cant remember the answers or it has been changed. Anyway i sent a longer email and never got a response back!


😟


You've gotten your answer. If you can't reset your password because you forgotten your security answers, that's the end of the story.


Imagine this: You hire a security guard to protect your house. You give the security guard explicit instructions to only allow people inside if they have the key, and if they do not have the key, they have to answer a secret question, and the answer is 'banana'.


One day, you lose your key. You can't find it anywhere. So, to get access back to your house, you go to the security guard, who asks you the secret question, and you can't remember what you told him the answer was. Now, he's got a photographic memory. He will never forget the answer (he even has it written down in his pocket). So, the security guard is doing EXACTLY what you told him to do.


Now, is it the fault of the security guard for doing EXACTLY what you told him to do, or is it your fault for losing your house key and forgetting your secret answer?


PROTIP: It's YOUR fault.

Dec 14, 2014 7:35 AM in response to AmishCake

no they didnt just send me a link. it was a proper email explaining how to reset my passwords.

i emailed them through the aol website.


AOL Mail Team <AOLMailQuestions@aol.com>

Dec 10 (4 days ago)

Good Day,

We would like to thank you very much for your email and for giving us the chance to offer our assistance.


I'm sorry to learn that you are experiencing this situation.


Don't worry; there are steps you can take to secure your account. Please visit our help articlehttp://mail.security.aol.com/hacked-accounts#warning

This article will walk you through three crucial components necessary to secure your account:


- Resetting your AOL password.

- Creating or resetting your Account Security Question.

- Obtaining or updating your antivirus software.


The article also provides a few helpful tips on keeping your account secure.


Please reply to this email to let me know if you need further assistance and if everything is ok once you went through all the steps presented above. Thank you.


Best regards,
Danny
AOL Email Support Team

Dec 15, 2014 6:06 AM in response to Aysha84

Aysha84 wrote:


i know its obviously not their fault at all. (i never said it was ---> TJBUSMC1973)


thank you thomas_r for you polite response 🙂


Sorry, but I'm not inclined to hold someone's hand and soothe them when they haven't taken any personal responsibility for protecting their account, either by making sure they know their recovery information, educate themselves on how to avoid phishing scams, etcetera. The internet is not a new invention. It's been around for a while. There are literally thousands of resources available for you to learn how to protect yourself online.


Additionally, you having an issue with your AOL password is an AOL issue. I have no idea why you're even bothering to post on the Apple Community Forum. Why, exactly, did you think that this forum is an appropriate place to get support for an issue with your AOL account?

Dec 15, 2014 6:29 AM in response to Aysha84

I wasn't referring to the email you got from AOL explaining how to reset your password. I was referring to the message you said you got that said there were suspicious activities on your account. Here, in your own words:


"i got a message while signing

in my email saying there have been unusual activties on this account please change your password. So i continued but i couldnt remember

what email account i kept as my alternative email because i have only one other email and it kept telling me it was incorrect, and when i tried

putting my other information it was also wrong"


THAT message was a phishing message, and all info you entered there was stolen. THAT is why it was marked incorrect; it most likely WAS correct but the people phishing for your info marked it incorrect so they could steal it from you. You've been duped.

AOL Passwords hacked from iPhone

Welcome to Apple Support Community
A forum where Apple customers help each other with their products. Get started with your Apple Account.