Skip to Main Content

‘AOL OATH Switch’ Phishing Scam Email

According to this email, which purports to be from AOL,  your account will be cancelled if you do not click a link to “switch to the new AOL OATH”. 


The message claims that the switch is necessary because AOL and Yahoo teamed up in 2017 to become one company called Oath.

However, the message is not from AOL or Oath and the link opens a fraudulent website. It is a phishing scam designed to steal your AOL account login credentials.

It is true that Verizon has formed a new subsidiary called “Oath” that incorporates both Yahoo and AOL. The deal was completed in June 2017.  In this case,  the scammers have capitalised on news of the merger to make their fake message seem more credible.

And, in a further attempt to make the email seem legitimate, the scammers have copied some of the text from a genuine Oath email that informed users about changes to the company’s privacy policy.

In April 2019, another version of the message began hitting inboxes. The new version falsely claims that your  “AOL email address will stop working after 20th of APRIL 2019 unless you switch to AOL OATH”. Again, the button in the email opens a fraudulent website designed to steal your account login details. 


But, to reiterate,  the email has no connection to Oath and it is not true that your account will be cancelled if you do not click the link.

If you do click the link, a fake AOL login screen will load in your browser. The login screen asks for your username or email address as well as your account password. If you enter this information and click the sign in button, you will then be automatically redirected to the genuine AOL website.

But, now the scammers can collect your login information and use it to hijack your AOL account. Once they have gained entry to your account, they can steal information you have stored there and use the account to launch further spam and scam campaigns in your name.  They may also be able to access any services that are linked to the same account.

Top Tips:

  • If you receive one of these emails, do not follow any links or open any attachments that it contains.
  • It is always safest to login to all of your online accounts by entering the address into your browser’s address bar or via a trusted app. If a company does require that you make changes to your account such as agreeing to an updated privacy policy, you will generally be informed of this via a message you see after you log in.