Fact Check

Flashing IM Password Theft

Is a flashing Instant Message is a sign that someone is trying to steal your password?

Published Nov 25, 2001


Claim:   A flashing Instant Message is a sign that someone is trying to steal your password.

Status:   False.

Example:   [Collected on the Internet, 1998]

If you get a Flashing IM, DO NOT reply or delete, but sign off immediately and re-sign on. Then change your password immediately. If you are unable to sign on, call AOL. The number is 1-800-827-6364

The Flashing IM is a password stealer. This has been confirmed by AOL.


Origins:   This is one of the more venerable Internet hoaxes (excluding bogus computer virus warnings, which will probably outlive us all), having circulated unchanged since 1998. Its premise is a bit farcical, somewhat like claiming "If you receive an e-mail message

containing bold text, it's a password stealer!" Not all flashing messages are sent by people intent upon stealing your password, and not all password-stealers advertise their efforts by sending flashing messages.

Nearly all instant messaging services — not just AOL's Instant Messenger (AIM) but others such as ICQ — have been the target password-stealing hacks at one time or another, but none of them involved password thefts triggered (or announced) by the receipt of flashing messages. And if AOL has truly "confirmed" the efficacy of this three-year-old warning, it's amazing that they make no mention of it on their web site.

It's a fact of life that anything protected by a password will attract those bent on stealing the password, but jumping at shadows (or flashing messages) won't protect you from thieves. Your best protection is to follow standard password guidelines and to periodically check for security updates concerning the applications you use.

Last updated:   29 October 2007

David Mikkelson founded the site now known as snopes.com back in 1994.

Article Tags