Web mail scam propagates itself

7 October 2009 | Internet

The industry-wide phishing scam that has affected popular web mail services such as Hotmail and Gmail is spreading, according to experts.

Security firm Websense says it has noticed a sharp rise in spam emails from Yahoo, Gmail and Hotmail accounts.

This is because infected accounts are sending personalised e-mails to contacts suggesting shopping sites, which are in fact fakes.

Security expert Carl Leonard warned people to be on their guard.

He advised people to check with friends that they had indeed sent the recommendation before visiting any new shopping sites.

He also advised people to check web addresses: they should read https, with the ‘s’ standing for secure.

The news reflects e-mails the BBC has received from victims.

Peter Griffin found his Hotmail account had been compromised on Tuesday. He is currently unemployed and is worried that he has been sending spam to prospective employers.

“I checked my account yesterday and found more than ten e-mails with links [that] were sent from my Hotmail [account] to people from my contacts,” he told the BBC.

Despite changing his password, he “found an hour later they had sent another six e-mails”.

Key-logging

One security expert thinks victims of the scam could have been part of a so-called key-logging attack.

Amichai Shulman from security firm Imperva said the high numbers of victims suggested this type of attack.

Unlike a traditional phishing scam, which lures people into revealing their details on fake websites, key-logging records individual key strokes.

In some cases the malware could have been downloaded automatically.

The scam was highlighted when several lists, detailing more than 30,000 names and passwords from Hotmail, Google and Yahoo web mail accounts, were posted online.

BBC News has seen two lists that detail more than 30,000 names and passwords from e-mail providers, including Yahoo and AOL, which were posted online.

Google is aware of a third list, although it is not clear how many names are on it.

The size of the scam has led Mr Shulman to question whether it is a traditional phishing attack.

Lists ‘common’

“The vast majority of people do not fall prey to phishing attacks and the success rates are around one per 1,000. The fact that even one of these lists contained 10,000 names suggests to me that it was a key-logging scam,” he said.

Key-logging malware can be downloaded from infected websites, of which Mr Shulman estimates there are millions in existence.

Once on a machine it can record every keystroke, including passwords or bank details.

The malware that installs a key-logger can be downloaded automatically, although often it requires users to click a box, with common fakes promising system-enhancing or anti-virus software.

The lists, which were posted online at Pastebin, a website where developers share code, are not unusual, according to Mr Shulman.

“That’s the nature of the world we live in and sometimes we get a glimpse inside it. These lists are constantly traded online,” he said.

“The fact that the lists became public is probably negligence on the part of the hackers,” he added.

According to a report published by MarkMonitor last week, phishing is at a two-year high.

It found that phishers are now targeting payment websites and social networkers as well as the traditional banking websites.

Experts are advising anyone who thinks they might have been affected by the scam to update their anti-virus software and to immediately change their passwords.

It has reopened the debate about how people manage the numerous passwords they have for various web accounts.

It has led one security expert to offer some unusual advice.

“People should write down their web-based passwords. That’s one way of making sure that you can remember a ‘strong’ password,” said Sean Sullivan, security advisor at F-Secure.

“This tends to go against the conventional wisdom but it just makes more sense. People use weak passwords because they cannot remember the strong ones.”

Content courtesy of the BBC

https://news.bbc.co.uk/1/hi/technology/8294714.stm
