A huge spike in webmail spam has been detected after passwords were published last week.
Following news that thousands of Hotmail, Gmail and Yahoo passwords were stolen and posted online, Websense Security Labs has detected a marked increase in the number of spam emails which have been sent from Yahoo!, Gmail and Hotmail accounts over the last few days.
It claimed that the spam emails are being sent from user accounts to contacts in their address book – so people will think the email came from a friend or known contact. This spam email recommends a product and invites the reader to click on a link to a fake shopping site to buy the goods.
Carl Leonard, EMEA threat manager at Websense, said: “This is just another example of online fraudsters becoming increasingly adept at gaining personal and confidential information from unsuspecting victims. Websense Security Labs have found that 37 per cent of malicious web attacks over the last six months included data-stealing code, demonstrating that attackers are clearly after essential information and personal data.”
Patrick Runald, security research manager at Websense, claimed that this sort of ‘electronic spam' has been going on all year but it started picking up six to seven days ago and it coincides with the lists of passwords being made public on the internet.
Runald said: “Is this a coincidence? We think that people got hold of the lists and used the accounts, or it could be the same people who were behind the compromise, but the spam increased at the same time as the passwords were made public.
“The domains that we are tracking have all been set up in the last two months, and they look like a legitimate store, but will sell an Apple Macbook Air for so much less than the retail price, but it looks real and is fooling users who are saying online that they placed an order and it never arrived. This is essentially a scam and that unfortunately seems to work.”
Runald further claimed that Websense has seen a decline in phishing with cybercriminals preferring to use password-stealing Trojans that work better than phishing emails.
“We do not have any proof of this but it does not mean that it did not happen. We can hear what Microsoft and Google are saying, my educated guess is that this has been going on for a while,” said Runald.
See original article on scmagazineuk.com
Password breaches lead to rise in email spam
Researchers point to Hotmail, Gmail, and Yahoo! password exposures.
Got a news tip for our journalists? Share it with us anonymously here.
Partner Content
Partner Content
Australian organisations must act on security – or risk AI ambitions falling flat
Partner Content
AI Supercharged: How Search is Powering the Future
Microsoft Copilot Partner Hub
.png&h=140&w=231&c=1&s=0)
Partner Content
AI and quantum computing widen the machine identity security gap
Sponsored Whitepapers
See everything. Do more.
Lindentech Secures Digital Identity with Zero Trust and Microsoft Entra
Diamond IT Delivers GRC Transformation with Microsoft Purview
Linktech Powers Energy Trader’s Essential Eight Compliance in Just Eight Weeks
Byte Delivers Future-Ready IT: Transforming Endpoint Security and Productivity with a Cloud-First Strategy
.png&w=120&c=1&s=0)
EDUtech AU
Integrate Expo 2025
.png&w=120&c=1&s=0)
Security Exhibition & Conference 2025
Digital As Usual Cybersecurity Roadshow: Brisbane edition
iTnews Benchmark Security Awards 2025
.jpg&h=140&w=231&c=1&s=0)
.jpg&h=140&w=231&c=1&s=0)
