AOL users love telling the world about themselves, judging by the personal profiles many publish in that service's online directory. But some AOL users have discovered recently that their profiles are saying things they would never repeat in polite company.
I was alerted to the unsettling phenomenon by reader Steve Wilson, who wrote: "The past few weeks, I've noticed links to porn sites and spyware installers in the 'personal quote' field [of some friends'] AOL profiles. They appear there without the member's permission."
A spokesperson for the ISP says that online criminals may be stealing AOL users' account passwords and using the profiles to advertise their sleazy wares.
The personal quotes section is just one of several user profile fields you can modify, but it gets a lot of attention from bad guys because AOL lets you style the personal quote portion with embedded images and links to outside Web sites. The profiles show up in AOL's member directory Web pages, which the scammers can use to advertise to unsuspecting Web surfers.
Malicious hackers can get access to your profile page in a couple of ways, says AOL spokesperson Andrew Weinstein. Some Trojan horse programs, spread through regular e-mail or through AOL's instant messaging service, can log keystrokes as an AOL subscriber enters their user name and password. And people still fall for phishing scams--e-mail messages that claim to be from AOL, ask users to update their log-in information, and then deliver the information to a cybercriminal. Once someone gets your password, that person can do anything with your account that you could, including adding their sleazy billboards to your profile.
The hijacking of profiles isn't limited to AOL. It can happen on "any online service that lets you publish a personal profile," Weinstein points out.
If you find something in your profile that you didn't put there, you need to perform a full-system virus scan to determine whether there's a Trojan horse or other piece of malware on your system. Weinstein recommends that you change your password by going to AOL keyword: Password. AOL also wants to investigate these kinds of security breaches, so Weinstein asks that you alert its security team by going to keyword: Notify AOL.
The best way to keep your profile from being hijacked is to follow typical security procedures: Keep your antivirus software up-to-date and run a software firewall; don't click on unsolicited links in instant messages; and never give your AOL password to anyone, even someone who claims to be an AOL employee. Your online reputation is at stake.