Email attack spreads, dozy password protection won't help

7 October 2009

The phishing attack we first alerted you to on Monday is spreading to other webmail services besides Hotmail and is self-propagating, sending emails to online contacts that point to fake sites. Attacks like this are obviously nothing new, but this particular one is getting a lot of attention because of the scale of the problem.

It may not even be a standard phishing attack, where users bring about their own demise by bashing personal details and passwords into fake websites - one online security gob-on-a-stick quoted by the BBC believes it may be a key-logging attack. The attacks have also spread far beyond Hotmail accounts; there's been a sharp rise in spam emails from Yahoo and Gmail accounts since the attacks began, and AOL accounts have also been compromised.

Not that you'd necessarily need complex key-logging malware to compromise some email accounts. Acunetix has been combing through the original list of 10,000 Hotmail accounts and passwords that appeared on Monday. It seems that despite all the warnings, plenty of people don't have the capacity to remember a password beyond the bleeding obvious. The most common password found was 123456, followed by 123456789. Plenty more users have their own name as their password, while nearly half use only letters, rather than a mix of letters and numbers.



  • John J.
    Yeah, don't get sucked in, they are very tricky. Delete, delete, delete, and don't respond.
  • maxtweenie
    I had a very sneaky one from Twitter yesterday. There were several genuine links to Twitter on the email, and then of course the one naughty little one that went to our phishing friends. Do as the Cybermen do, and Delete, Delete Delete!
  • Brian
    Hi, my name is Brian. I received an email from a Lithuanian Lady who said she would send me some "HOT PICTURES" of her engaged in pleasurable activities if I clicked on her link. I've checked my spreadsheet of spending, compared to my online bank account, and can't account for £1.49!!!!!
  • JohnJ
    It's fairly common for "phished" (or otherwise nicked) details to be tested first with a nominal purchase - often iTunes. If you really have a missing £1.49 change your password to be safe.
  • We B.
    [...] realise there’s a phishing scare on right now, but this HAS to be a genuine [...]
  • NobbyB
    Personally I think those that gave out their passwords should be named and shamed, and banned from using the internet for five years.
