Password breaches lead to rise in email spam

Powered by SC Magazine

Researchers point to Hotmail, Gmail, and Yahoo! password exposures.

A huge spike in webmail spam has been detected after passwords were published last week.

Following news that thousands of Hotmail, Gmail and Yahoo passwords were stolen and posted online, Websense Security Labs has detected a marked increase in the number of spam emails which have been sent from Yahoo!, Gmail and Hotmail accounts over the last few days.

It claimed that the spam emails are being sent from user accounts to contacts in their address book – so people will think the email came from a friend or known contact. This spam email recommends a product and invites the reader to click on a link to a fake shopping site to buy the goods.

Carl Leonard, EMEA threat manager at Websense, said: “This is just another example of online fraudsters becoming increasingly adept at gaining personal and confidential information from unsuspecting victims. Websense Security Labs have found that 37 per cent of malicious web attacks over the last six months included data-stealing code, demonstrating that attackers are clearly after essential information and personal data.”

Patrick Runald, security research manager at Websense, claimed that this sort of ‘electronic spam' has been going on all year but it started picking up six to seven days ago and it coincides with the lists of passwords being made public on the internet.

Runald said: “Is this a coincidence? We think that people got hold of the lists and used the accounts, or it could be the same people who were behind the compromise, but the spam increased at the same time as the passwords were made public.

“The domains that we are tracking have all been set up in the last two months, and they look like a legitimate store, but will sell an Apple Macbook Air for so much less than the retail price, but it looks real and is fooling users who are saying online that they placed an order and it never arrived. This is essentially a scam and that unfortunately seems to work.”

Runald further claimed that Websense has seen a decline in phishing with cybercriminals preferring to use password-stealing Trojans that work better than phishing emails.

“We do not have any proof of this but it does not mean that it did not happen. We can hear what Microsoft and Google are saying, my educated guess is that this has been going on for a while,” said Runald.  

See original article on

Copyright © SC Magazine, US edition

Top Stories
Feeling Shellshocked?
Stay up to date with patching for the Bash bug.
Amazon forced to reboot EC2 to patch Xen bug
Rolling restarts over next week.
Vodafone reveals plans to store users' online activity
Says retrieval under Govt proposal will impose massive cost.
Sign up to receive iTnews email bulletins
Latest Comments
Which is the most prevalent cyber attack method your organisation faces?

   |   View results
Phishing and social engineering
Advanced persistent threats
Unpatched or unsupported software vulnerabilities
Denial of service attacks
Insider threats