Welcome to the MacNN Forums.

nine11always · May 20, 2006, 10:59 PM

My company has an AOL email account which only one person is supposed to have access to. I believe someone else other than myself is accessing this account from a remote computer.

If I call AOL support, soes anyone know if they can tell me what time & day our email is being accessed? I'd call right now but don't want to be on hold FOREVER!

Spliffdaddy · May 21, 2006, 01:15 AM

change the password?

nine11always · May 21, 2006, 01:17 AM

We keep doing it...

Spliffdaddy · May 21, 2006, 01:24 AM

hmm....what clues give you the impression that the AOL mail is being accessed by another person?

Big Mac · May 21, 2006, 08:33 AM

AOL previously had terrible security, but I think things may have improved in more recent times. In order to provide additional security, AOL began offering SecurID tokens to normal users. If you think your account has been hacked, verify your own computer's security (particularly if it's a PC) and then look into upgrading your account to PassCode security.

turtle777 · May 21, 2006, 08:34 AM

If you keep changing the password, you are the only one who knows, and you still think someone is accessing it, there is only one plausible explanation: paranoia !

-t

Big Mac · May 21, 2006, 08:34 AM

Originally Posted by what_the_heck

If you keep changing the password, you are the only one who knows, and you still think someone is accessing it, there is only one plausible explanation: paranoia !

Untrue, either his system's or AOL's security may have been compromised.

turtle777 · May 21, 2006, 08:39 AM

Originally Posted by Big Mac

Untrue, either his system's or AOL's security may have been compromised.

In a way that a password is NOT necessary at all to access his email ?

Just dump AOL, I mean, whoTF uses AOL for business ?

-t

Big Mac · May 21, 2006, 08:52 AM

No, I'm saying the password may have been acquired on more than one occasion. It happened to the legacy AOL address of my father's corporation in the '90s. The account was hacked once, and then later on our access was suspended and we were contacted by a special AOL security team because they found out a second hacking was going to occur. The two of us who had the password practiced safe password techniques and only ran the software from one Mac, yet they were still able to circumvent AOL's security. That's how bad it was (and could possibly still be). In response, AOL sent us a SecurID token at a time when the tokens were given mainly to staff accounts. That worked out pretty well, at least until the token's battery died and we had to go through a messy process to get the account unlinked from it. Of course, by that time we were ready to cancel the account completely (which was a painful process in and of itself).

Btw, you'll find that a lot of professionals persist in using AOL. I have known accountants and lawyers who continue using it, mostly because all of their contacts have the addresses but also because they're not sufficiently tech savvy to hate AOL.

turtle777 · May 21, 2006, 08:53 AM

Originally Posted by Big Mac

No, I'm saying the password may have been acquired on more than one occasion. It happened to the legacy AOL address of my father's corporation in the '90s. The account was hacked once, and then later on our access was suspended and we were contacted by a special AOL security team because they found out a second hacking was going to occur. The two of us who had the password practiced safe password techniques and only ran the software from one Mac, yet they were still able to circumvent AOL's security. That's how bad it was (and could possibly still be). In response, AOL sent us a SecurID token at a time when the tokens were given mainly to staff accounts. That worked out pretty well, at least until the token's battery died and we had to go through a messy process to get the account unlinked from it. Of course, by that time we were ready to cancel the account completely, and that was a pain as well.

Wow, just wow.

My motion to dump AOL seconded.

-t

sabrejim · May 22, 2006, 10:42 AM

Are you sure that you were contacted by an AOL security team and not someone posing as the AOL Secruity team?

zmcgill · May 22, 2006, 11:07 AM

Originally Posted by kaze0

Are you sure that you were contacted by an AOL security team and not someone posing as the AOL Secruity team?

Perhaps their email went a bit like this:

Hello, this is the AOL securtiy teem.
WE found out threw our telepathic powerz that your going to be h4xxored. PLease send us eleventy billion™ dollars and your password and your credit card information and well send you a securrity token.
Thank you,
The real AOL security team (not fake!)

Big Mac · May 22, 2006, 01:19 PM

Originally Posted by kaze0

Are you sure that you were contacted by an AOL security team and not someone posing as the AOL Secruity team?

Yes, I am sure we were talking to a special security team. The second time they tried to hack the account, it was locked up, and normal AOL customer service could do nothing about it - we had to call a special number. They then sent us out the SecurID token.