If hacking is mysterious to you and something only the most elite hackers can do, this blog post might disappoint you.
Yesterday, my AOL email was hacked into. I realized almost right away when it happened, so I changed my password before too much damage could be done. How could my AOL get hacked into, especially me, who has enough technical knowedge to have a GitHub blog, work as a software engineer, and am going to school for my master’s in computer science? It involved a bit of social engineering. Here’s how it happened:
I recevied the following email from a colleague:
Can not show full mail body.
You will see it when pressing here
Aol error number: 466427 (Wed Jul 27 8:07:01 2016)
Seemed innocent enough, but I was a little suspicous. I didn’t even click on the link at first. I don’t think the person who sent it to me is too technically literate, so I figured they somehow messed up sending an email, and thus the error message.
Once I clicked on the link, it took me to the following webpage (also, note that I was on mobile):
Looks completely legit, right? If I was paying more attention, I would’ve noticed the URL was wrong. It should at least have “aol.com” in it somewhere. This URL is just a bunch of numbers. I didn’t notice this, so I typed my email and password in. Once I clicked “Sign In” it took to some news article. I closed the page. I was a bit confused for a second before I realized what I had just done.
I immediately changed my AOL password. Thankfully, my AOL password was different than any other password I use. A couple emails identical to the one I received were sent from my AOL to other AOL email addressed in my address book, but other than that, little damage was done.
Oh, and yes, I still use AOL. That email address is old enough not only to vote, but also to drink. I don’t pay for it, though.