News

Scale of webmail phishing scam widens

David Binning

A phishing scam discovered yesterday, when thousands of passwords and user names for Hotmail accounts were posted online, now appears to be much bigger than first thought, with users of several other webmail services now affected.

Private details of webmail accounts from Google, Yahoo, AOL, Comcast and Earthlink have appeared on the web, pushing the number of compromised accounts beyond 20,000.

Users of webmail services are being advised to review all of the passwords they use online following the phishing scam.

Research by security specialists Sophos found that 40 percent of people use the same password for all their online accounts, raising concerns that victims of the scam may be vulnerable to further attacks.

Security experts are urging people to change their webmail and other passwords and be especially wary of opening attachments.

The growing practice of phishing involves tricking users into revealing sensitive information to an entity masquerading as a trusted party, usually via an email which directs users to a fake website.

All of the stolen information revealed during this latest incident has been posted to www.pastebin.com, a popular code-sharing website for developers. It is not yet known, however, whether yesterday's and today's lists are related to the same scam.

The scope of the attack/s is also unclear. Yesterday, only details of Hotmail accounts with user names beginning in "A" or "B" were listed, suggesting that this may be just the first portion of a much bigger list.

There was some suggestion yesterday that Microsoft's internal data may have been breached; however, the company, which owns Hotmail, promptly issued a statement confirming that a third-party website was the source of the attack.

