Scammers exploit public lists of hijacked Hotmail passwords
Scams spike after 'free' lists of compromised passwords leak, Websense says
Computerworld - Scammers have grabbed the Hotmail passwords that leaked to the Web and are using them in a plot involving a fake Chinese electronics seller to bilk users out of cash and their credit card information, a security researcher said today.
"We've seen a 30% to 40% increase in these types of spam messages in the last several days," said Patrik Runald, senior manager of Websense's security research team. "By 'these types of spam,' I mean messages that are advertising great consumer electronics bargains, such as cameras and computers."
The messages shill for a fake electronics retailer in China, and provide a link to its site, said Runald, who added that the ensuing domain looks legitimate enough but is simply a front. "They're offering great deals -- MacBook Pros going for $700, when they really cost $1,200 or $1,500," he said of the bogus retailer.
Consumers duped by the scam have reported on Web forums that they never received the goods they ordered. "There are tons of people posting this," claimed Runald. "But it's just a scam. Not only are they out the money they paid [for the non-existing items], but the scammers have their credit card number, their mailing address and everything else they need to make other purchases with the card."
The link to the Hotmail passwords is circumstantial, admitted Runald, but still credible.
"The increase in spam started as these lists became public knowledge," said Runald, who speculated that the scammers had simply taken advantage of the work of other criminals, grabbing the account information from the Web and then using those compromised accounts to send spam. "Since the lists made it into the public domain, they've been piggybacking," he said, of the scammers.
Another clue that hints at a connection between the spam spike and the hijacked Hotmail passwords is the claim consumers have made that they bit on the bogus China retailer scam because they'd received the messages from friends.
"They're saying that they received these messages from friends," said Runald, "but when they get in touch with that friend, he says 'I lost my account details' in the recent phishing attack. So it makes perfect sense that there's a connection."
Other e-mail security firms, however, were not able to confirm Websense's analysis. Google's Postini, for example, said it had not detected any appreciable upswing in spam. Symantec's MessageLabs, meanwhile, said it was unable to dig up data on short notice.
The saga of the compromised accounts started last week, when more than 10,000 Windows Live Hotmail passwords were posted to the Internet. This week, details of another 20,000 Hotmail, Google Gmail and Yahoo Mail accounts went public.
Microsoft and Google have said they have blocked the hijacked accounts, which both companies said were obtained through a wide-scale phishing attack, not through a security breach of their free, Web-based e-mail services.
While experts have urged users to change their e-mail account passwords, other researchers have noted that many of the compromised accounts used easily-guessed passwords, with 123456 and 123456789 as the most common.
Read more about Security in Computerworld's Security Topic Center.
- Mobile First: Securing Information Sprawl Learn how the partnership between Box and MobileIron can help you execute a "mobile first" strategy that manages and secures both mobile apps...
- Cybersecurity Imperatives: Reinvent your Network Security The Rise of CyberSecurity
- Surescripts Case Study- Securing Keys and Certificates Surescripts implemented Venafi's Trust Protection Platform™ to secure digital keys and certificates, ensure the privacy and confidentiality of electronic clinical information for its...
- Ponemon 2014 SSH Security Vulnerability Report According to research by the Ponemon Institute, 3 out of 4 enterprises have no security controls in place for SSH which leaves organizations...
- Responding to New SSL Cybersecurity Threat The featured Gartner research examines current strategies to address new SSL cybersecurity threats and vulnerabilities.
- Deep Dive into Advanced Networking and Security with Hybrid Cloud Security and networking are among the top concerns when moving workloads to the cloud. VMware vCloud® Hybrid Service™ enables you to extend your... All Security White Papers | Webcasts
Our new bimonthly Internet of Things newsletter helps you keep pace with the rapidly evolving technologies, trends and developments related to the IoT. Subscribe now and stay up to date!