Scale of webmail phishing scam widens

A phishing scam discovered yesterday when thousands of passwords and user names for Hotmail accounts were posted online now appears to be much bigger than...

A phishing scam discovered yesterday when thousands of passwords and user names for Hotmail accounts were posted...

online now appears to be much bigger than first thought with users of several other webmail services now affected.

Private details of webmail accounts from Google, Yahoo , AOL , Comcast and Earthlink , have appeared on the web, pushing the number of compromised accounts beyond 20,000.

Users of webmail services are being advised to review all of the passwords they use online after following the phishing scam.

Research by security specialists Sophos, found that 40 percent of people use the same password for all their online accounts, raising concerns that victims of the scam may be vulnerable to futher attacks.

Security experts are urging people to change their webmail and other passwords and be especially wary of opening attachments.

The growing practise of phishing involves tricking users into revealing sensitive information to an entity masquerading as a trusted party, usually via an email which directs users to a fake website.

All of the stolen information revealed during this latest incident has been posted to, a popular code sharing website for developers. It is not yet known, however, whether yesterday's and today's lists are related to the same scam.

The scope of the attack/s is also unclear. Yesterday, only details of Hotmail accounts with user names beginning in "A" or "B" were listed, suggesting that this may be just the first portion of a much bigger list.

There was some suggestion yesterday that Microsoft's internal data may have been breached, however, the company, which owns Hotmail, promptly issued a statement confirming that the a third-party website was the source of the attack.



Enjoy the benefits of CW+ membership, learn more and join.

Read more



Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to: