Client was advised that a ""Drop Box" email was generated from his AOL email account and sent to a number of Yahoo and AOL recipients automatically without his knowledge.
A recipient shared that they received it and opened it but "nothing was in there". Its possible the recipient was infected also.
I requested a copy of the email which I will post here once we remove identifying information.
Guidance given to client to:
1) Change the AOL password. Client advised that they had already done this but simply changed a "1" to a "2". I let them know that will not stop the hacker as they will figure that out quickly.
2) Download a Password Manager like 1Password or KeeperSecurity to their android phone to generate a long and strong password or passphrase. This may lock the hacker out (if there is no malware involved)
3) Install an antivirus or antimalware solution and scan the desktop/laptop computer for a keylogger or other malicious software.
4) Consider preparing a message of steps to take for any recipients who may have received the email, clicked it and become infected.