On July 1, 2024, AAO IT and Cyber Security teams identified a targeted incident affecting certain AAO members. The attack involves a deceptive email designed to mimic official communications from the AAO. This email prompts recipients to update their personal information on a fraudulent website that mimics the AAO’s official site, using a provided hyperlink. 

Once at the fraudulent website, members are instructed to select their email provider and enter their email address (which is auto-filled after clicking the link), followed by their password. 

If these steps are taken, the site may display a message stating that the credentials could not be verified, prompting the user to retry.  

What is the impact? 

The victim may attempt multiple times with multiple credentials to log in using the email address used to deliver the malicious message.  At that point, the attackers will have the member’s email credentials and/or AAO credentials. 

Action To Take 

1. If you have received the email but did not click the link: 

  • Mark the email as spam and delete it.  
  • No further action is needed. 

2. If you have received the email and clicked on the link or took any other actions: 

  • Immediately change your email password (and update passwords for any accounts that share the same password). 
  • Contact AAO Member Services to report the incident; they will provide further instructions and support.