Password breaches lead to rise in email spam

Powered by SC Magazine
 

Researchers point to Hotmail, Gmail, and Yahoo! password exposures.

A huge spike in webmail spam has been detected after passwords were published last week.

Following news that thousands of Hotmail, Gmail and Yahoo passwords were stolen and posted online, Websense Security Labs has detected a marked increase in the number of spam emails which have been sent from Yahoo!, Gmail and Hotmail accounts over the last few days.

It claimed that the spam emails are being sent from user accounts to contacts in their address book – so people will think the email came from a friend or known contact. This spam email recommends a product and invites the reader to click on a link to a fake shopping site to buy the goods.

Carl Leonard, EMEA threat manager at Websense, said: “This is just another example of online fraudsters becoming increasingly adept at gaining personal and confidential information from unsuspecting victims. Websense Security Labs have found that 37 per cent of malicious web attacks over the last six months included data-stealing code, demonstrating that attackers are clearly after essential information and personal data.”

Patrick Runald, security research manager at Websense, claimed that this sort of ‘electronic spam' has been going on all year but it started picking up six to seven days ago and it coincides with the lists of passwords being made public on the internet.

Runald said: “Is this a coincidence? We think that people got hold of the lists and used the accounts, or it could be the same people who were behind the compromise, but the spam increased at the same time as the passwords were made public.

“The domains that we are tracking have all been set up in the last two months, and they look like a legitimate store, but will sell an Apple Macbook Air for so much less than the retail price, but it looks real and is fooling users who are saying online that they placed an order and it never arrived. This is essentially a scam and that unfortunately seems to work.”

Runald further claimed that Websense has seen a decline in phishing with cybercriminals preferring to use password-stealing Trojans that work better than phishing emails.

“We do not have any proof of this but it does not mean that it did not happen. We can hear what Microsoft and Google are saying, my educated guess is that this has been going on for a while,” said Runald.  

See original article on scmagazineuk.com

Copyright © SC Magazine, US edition


 
 
 
Top Stories
ATO shaves $4m off IT contractor panel
Reform cuts admin burden, introduces KPIs.
 
Turnbull introduces data retention legislation
Still no definition of metadata to be stored.
 
Crime Commission prepares core systems overhaul
Will replace 30 year-old national criminal database.
 
 
Sign up to receive iTnews email bulletins
   FOLLOW US...
Latest Comments
Polls
In which area is your IT shop hiring the most staff?




   |   View results
IT security and risk
  27%
 
Sourcing and strategy
  13%
 
IT infrastructure (servers, storage, networking)
  21%
 
End user computing (desktops, mobiles, apps)
  14%
 
Software development
  25%
TOTAL VOTES: 438

Vote
Would your InfoSec team be prepared to share threat data with the Australian Government?

   |   View results
Yes
  54%
 
No
  46%
TOTAL VOTES: 210

Vote