Web Experts: Hotmail Phishing Scam is Spreading

By Jane McEntegart
published

Web experts say that the huge phishing scam that saw the details of thousands of Hotmail users posted online is still spreading.

Earlier this week the logins and passwords of 10,000 mostly European hotmail users were posted online. Soon after, reports did the rounds that folks using AOL, Yahoo! Mail, Gmail and services from other providers were also affected and a Gmail spokesperson admitted that the company was also targeted in what the search giant described as an industry-wide phishing scam. Today experts speaking to the BBC say it that the attack is ongoing and may not have been a phishing attack at all.

BBC cites security firm Websense, which says it has noticed a sharp rise in spam e-mails from Yahoo, Gmail and Hotmail accounts, as well as Amichai Shulman from security firm Imperva who says the high numbers of victims suggest that it could have been a key-logging attack.

Why does Shulman think attackers were using key-logging software? Well, despite Microsoft urging all 21 million Hotmail users to change their passwords, some users are still experiencing problems. BBC reader Peter Griffin says that he's still experiencing problems with his compromised Hotmail account even though he's changed the password.

"I checked my account yesterday and found more than 10 e-mails with links [that] were sent from my Hotmail [account] to people from my contacts," Griffin said. After changing his password, he "found an hour later they had sent another six e-mails".

Have you changed your passwords yet?

Jane McEntegart
20 Comments Comment from the forums
  • spazebar
    Bet the key logging software is related to all thet fake Antivirus Malware BS that all the idiots get these days?
    Reply
  • dan101rayzor
    How do these people get these passwords? Does the victim have to open a spam email to get their pasword stolen?
    Reply
  • dan101rayzor
    excalibur1814The title states Hotmail... then the paragraph informs that it's also the others. Could Toms PLEASE change the title.
    Thats because it started with hotmail. Then the rest got affected.
    Reply
  • jobz000
    Yeah, talk about a misleading title.
    Reply
  • t3nchi
    Don't just change your password but make sure your alternate email and secret question is changed. Make sure the hackers didn't post a different alternate email or phone number for txting (which they did in my gmail, good thing I checked after recovering my account). Once I recovered my accounts, I noticed an attempt to request a "forgotten password" soon after but it was forwarded to my real alternate email, not their's.
    Reply
  • JasonAkkerman
    BBC reader Peter Griffin says that he's still experiencing problems with his compromised Hotmail account even though he's changed the password.

    Just like that one time with Luke Perry was caught hacking into his bank account.

    /cut to flashback
    Reply
  • hellwig
    I would think, with its lack of POP and IMAP, that Yahoo mail would be mostly unaffected. There's no way its efficient or worthwhile to manually log into someone's Yahoo account to send spam emails. I suppose you could have an intelligent script navigate the yahoo web interface, but still, why not just go after Google and send millions of emails through POP or IMAP?
    Reply
  • gamerjames
    spazebarBet the key logging software is related to all thet fake Antivirus Malware BS that all the idiots get these days?
    Probably, I just had one of those fake AV's and my mom kept telling me to just pay so that it would go away and stop lagging my computer. I told her i knew it was fake, used MalwareBytes, got it off, and saved my moms credit card. Lol.

    But yeah, I can see how people would fall for those, as my mom would have.
    Reply
  • Supertrek32
    spazebarBet the key logging software is related to all thet fake Antivirus Malware BS that all the idiots get these days?Oh! A popup! What? It's telling me it scanned my computer and I have a virus! It must be true. It's on the internet! Sure anyone can make a site at any time, but why would they lie to me? They just want to sell me their nice product!
    Reply
  • crazymech
    BBC reader Peter Griffin says that he's still experiencing problems

    Honestly, it's Peter Griffin, I'd be more worried if he wasn't experiencing some sort of problems.
    Reply