Password breaches lead to rise in email spam

Powered by SC Magazine
 

Researchers point to Hotmail, Gmail, and Yahoo! password exposures.

A huge spike in webmail spam has been detected after passwords were published last week.

Following news that thousands of Hotmail, Gmail and Yahoo passwords were stolen and posted online, Websense Security Labs has detected a marked increase in the number of spam emails which have been sent from Yahoo!, Gmail and Hotmail accounts over the last few days.

It claimed that the spam emails are being sent from user accounts to contacts in their address book – so people will think the email came from a friend or known contact. This spam email recommends a product and invites the reader to click on a link to a fake shopping site to buy the goods.

Carl Leonard, EMEA threat manager at Websense, said: “This is just another example of online fraudsters becoming increasingly adept at gaining personal and confidential information from unsuspecting victims. Websense Security Labs have found that 37 per cent of malicious web attacks over the last six months included data-stealing code, demonstrating that attackers are clearly after essential information and personal data.”

Patrick Runald, security research manager at Websense, claimed that this sort of ‘electronic spam' has been going on all year but it started picking up six to seven days ago and it coincides with the lists of passwords being made public on the internet.

Runald said: “Is this a coincidence? We think that people got hold of the lists and used the accounts, or it could be the same people who were behind the compromise, but the spam increased at the same time as the passwords were made public.

“The domains that we are tracking have all been set up in the last two months, and they look like a legitimate store, but will sell an Apple Macbook Air for so much less than the retail price, but it looks real and is fooling users who are saying online that they placed an order and it never arrived. This is essentially a scam and that unfortunately seems to work.”

Runald further claimed that Websense has seen a decline in phishing with cybercriminals preferring to use password-stealing Trojans that work better than phishing emails.

“We do not have any proof of this but it does not mean that it did not happen. We can hear what Microsoft and Google are saying, my educated guess is that this has been going on for a while,” said Runald.  

See original article on scmagazineuk.com

Copyright © SC Magazine, US edition


 
 
 
Top Stories
Making a case for collaboration
[Blog post] Tap into your company’s people power.
 
Five zero-cost ways to improve MySQL performance
How to easily boost MySQL throughput by up to 5x.
 
Tracking the year of CIO churn
[Blog post] Who shone through in 12 months of disruption?
 
 
Sign up to receive iTnews email bulletins
   FOLLOW US...
Latest Comments
Polls
Which is the most prevalent cyber attack method your organisation faces?




   |   View results
Phishing and social engineering
  68%
 
Advanced persistent threats
  4%
 
Unpatched or unsupported software vulnerabilities
  11%
 
Denial of service attacks
  6%
 
Insider threats
  12%
TOTAL VOTES: 1053

Vote