Sign in with
Sign up | Sign in

Web Experts: Hotmail Phishing Scam is Spreading

By - Source: Tom's Hardware US | B 20 comments

Web experts say that the huge phishing scam that saw the details of thousands of Hotmail users posted online is still spreading.

Earlier this week the logins and passwords of 10,000 mostly European hotmail users were posted online. Soon after, reports did the rounds that folks using AOL, Yahoo! Mail, Gmail and services from other providers were also affected and a Gmail spokesperson admitted that the company was also targeted in what the search giant described as an industry-wide phishing scam. Today experts speaking to the BBC say it that the attack is ongoing and may not have been a phishing attack at all.

BBC cites security firm Websense, which says it has noticed a sharp rise in spam e-mails from Yahoo, Gmail and Hotmail accounts, as well as Amichai Shulman from security firm Imperva who says the high numbers of victims suggest that it could have been a key-logging attack.

Why does Shulman think attackers were using key-logging software? Well, despite Microsoft urging all 21 million Hotmail users to change their passwords, some users are still experiencing problems. BBC reader Peter Griffin says that he's still experiencing problems with his compromised Hotmail account even though he's changed the password.

"I checked my account yesterday and found more than 10 e-mails with links [that] were sent from my Hotmail [account] to people from my contacts," Griffin said. After changing his password, he "found an hour later they had sent another six e-mails".

Have you changed your passwords yet?

Discuss
Ask a Category Expert

Create a new thread in the News comments forum about this subject

Example: Notebook, Android, SSD hard drive

This thread is closed for comments
  • 7 Hide
    spazebar , October 8, 2009 11:57 AM
    Bet the key logging software is related to all thet fake Antivirus Malware BS that all the idiots get these days?
  • 0 Hide
    dan101rayzor , October 8, 2009 12:19 PM
    How do these people get these passwords? Does the victim have to open a spam email to get their pasword stolen?
  • 2 Hide
    dan101rayzor , October 8, 2009 12:30 PM
    excalibur1814The title states Hotmail... then the paragraph informs that it's also the others. Could Toms PLEASE change the title.


    Thats because it started with hotmail. Then the rest got affected.
  • Display all 20 comments.
  • -2 Hide
    jobz000 , October 8, 2009 12:48 PM
    Yeah, talk about a misleading title.
  • 1 Hide
    t3nchi , October 8, 2009 1:30 PM
    Don't just change your password but make sure your alternate email and secret question is changed. Make sure the hackers didn't post a different alternate email or phone number for txting (which they did in my gmail, good thing I checked after recovering my account). Once I recovered my accounts, I noticed an attempt to request a "forgotten password" soon after but it was forwarded to my real alternate email, not their's.
  • 1 Hide
    JasonAkkerman , October 8, 2009 1:32 PM
    Quote:
    BBC reader Peter Griffin says that he's still experiencing problems with his compromised Hotmail account even though he's changed the password.


    Just like that one time with Luke Perry was caught hacking into his bank account.

    /cut to flashback
  • 1 Hide
    hellwig , October 8, 2009 2:10 PM
    I would think, with its lack of POP and IMAP, that Yahoo mail would be mostly unaffected. There's no way its efficient or worthwhile to manually log into someone's Yahoo account to send spam emails. I suppose you could have an intelligent script navigate the yahoo web interface, but still, why not just go after Google and send millions of emails through POP or IMAP?
  • 3 Hide
    gamerjames , October 8, 2009 3:12 PM
    spazebarBet the key logging software is related to all thet fake Antivirus Malware BS that all the idiots get these days?


    Probably, I just had one of those fake AV's and my mom kept telling me to just pay so that it would go away and stop lagging my computer. I told her i knew it was fake, used MalwareBytes, got it off, and saved my moms credit card. Lol.

    But yeah, I can see how people would fall for those, as my mom would have.
  • 1 Hide
    Supertrek32 , October 8, 2009 3:41 PM
    spazebarBet the key logging software is related to all thet fake Antivirus Malware BS that all the idiots get these days?

    Oh! A popup! What? It's telling me it scanned my computer and I have a virus! It must be true. It's on the internet! Sure anyone can make a site at any time, but why would they lie to me? They just want to sell me their nice product!
  • 2 Hide
    crazymech , October 8, 2009 3:45 PM
    Quote:
    BBC reader Peter Griffin says that he's still experiencing problems


    Honestly, it's Peter Griffin, I'd be more worried if he wasn't experiencing some sort of problems.
  • 0 Hide
    virtualban , October 8, 2009 4:02 PM
    supertrek32Oh! A popup! What? It's telling me it scanned my computer and I have a virus! It must be true. It's on the internet! Sure anyone can make a site at any time, but why would they lie to me? They just want to sell me their nice product!

    Those described here remind me of the fake Msn Messenger popups that appear on some webpages. Well, my taskbar is not on that side, AND I don't use messenger, but a very clever idea. Users click and more popups to come.
  • 0 Hide
    virtualban , October 8, 2009 4:03 PM
    virtualbanThose described here remind me of the fake Msn Messenger popups that appear on some webpages. Well, my taskbar is not on that side, AND I don't use messenger, but a very clever idea. Users click and more popups to come.

    Oh, I forgot. Users pay, and many many more popups to come, maybe not straight away.
  • 1 Hide
    Anonymous , October 8, 2009 4:22 PM
    "BBC reader Peter Griffin says that he's still experiencing problems with his compromised Hotmail account even though he's changed the password."

    Maybe it's the work of his evil twin brother Thaddeus Griffin. "Nyah!"
  • 0 Hide
    dextermat , October 8, 2009 5:12 PM
    I guess im an expert too to know that phishing scams are on the rise ok so where my money for that :p 
  • 0 Hide
    wildwell , October 8, 2009 6:13 PM
    So what's the next step for affected email users if changing their login password didn't work? Comb their computers for active key-logging software?
  • 0 Hide
    rooket , October 8, 2009 7:50 PM
    spazebarBet the key logging software is related to all thet fake Antivirus Malware BS that all the idiots get these days?


    kaspersky? ;) 
  • 0 Hide
    webbwbb , October 8, 2009 10:17 PM
    Quote:
    Have you changed your passwords yet?


    I don't install random software into my computer or click on every ad banner that I see so I don't need to worry about that.
  • 1 Hide
    seatrotter , October 9, 2009 3:52 AM
    I don't install random software into my computer or click on every ad banner that I see so I don't need to worry about that.
    ...and then you realize that the article you're reading (minutes later) is about a peripherals/device manufacturer that had their website infected, along with the software/drivers for download, that took more than week before it was noticed.

    ...and then you realize that you had just installed a software/driver recently downloaded from their website.

    ...and then you realize that you have no AV (or have one, but the malware has an "awesome" polymorphic engine, easily defeating detection).

    Bummer :( 

    Haven't yet happened to me, but that'll definitely suck :( 
  • 0 Hide
    nekatreven , October 9, 2009 1:34 PM
    bogcottonI don't know much (anything) about the mechanics of online email services, but if the scammers used a machine to log on to all of the accounts simultaneously and not log out, would the user changing the password make any difference to the already logged in browser?


    It depends on the provider, and whether the user had selected "keep me logged in" in their preferences. Still, several of the providers would catch the logins and activity coming from two places (the real user, and then the bot) and they might flag that and reset the session. That would probably put the new password into affect, blocking the bot. Also, last I checked, Yahoo's online webmail had a maximum of two weeks it would "remember" you before you had to log in again, at which point the session would reset. Even then, usually the remember feature comes from a cookie on the user's computer that the bot would not have access to (in a simple phishing scheme).

    So to answer your question: If the changed password did not immediately block the bot, it would before too long. The bigger question though is still whether this was a phishing attack and the user was tricked into giving ONE password, or a key-logging attack that will CONTINUE to report on the new passwords.
  • 0 Hide
    smokinu , October 9, 2009 5:40 PM
    It will spread until people stop clicking random crap, think before they click, check who an email comes from prior to opening it, STOP Sending me those damn chain mails. Oh stop filling my gmail with girls who like goats and weird crap like that.