Tuesday, October 6, 2009

Hackers hook Web email users with "phishing" scams

SAN FRANCISCO — Google and Yahoo! on Tuesday joined a growing roster of Web-based email service providers with users duped by hackers into betraying passwords to accounts.

A day after Microsoft blocked access to thousands of Hotmail accounts in response to hackers plundering password information and posting it online, the list of victims was growing to include users of an array of email services.

"We recently became aware of a phishing scheme through which hackers gained user credentials for Web-based mail accounts including a small number of Gmail accounts," Google said in response to an AFP inquiry.

"As soon as we learned of the attack, we forced password resets on the affected accounts. We will continue to force password resets on additional accounts if we become aware of them."

Cyber-crooks evidently used "phishing" tactics to trick users of free Web-based email services into revealing account and access information.

"We are aware that a limited number of Yahoo! IDs may have been made public," Yahoo! said in a statement to AFP. "Online scams and phishing attacks are an ongoing and industry-wide issue."

Time Warner subsidiary AOL, in response to an AFP inquiry, said it is "closely monitoring the situation."

"Our guidance to users is to keep your wits about you: do not click on live links, or insert any details into input fields in emails, pop-ups or Web pages if you are not sure where they come from."

Microsoft said Monday that it learned of the latest problem during the weekend after Hotmail account information of "several thousand" users, many of them reportedly in Europe, was posted at a website.

The unconfirmed list of Hotmail accounts compromised by "phishing" has grown into the tens of thousands.

"We are aware that some Windows Live Hotmail customers' credentials were acquired illegally by a phishing scheme and exposed on a website," Microsoft said. "We have taken measures to block access to all of the accounts that were exposed and have resources in place to help those users reclaim their accounts."

Phishing is an Internet bane and involves using what hackers refer to as "social engineering" to trick people into revealing information online or downloading malicious software onto computers.

Phishing tactics include sending people tainted email attachments that promise enticing content such as sexy photos of celebrities and luring people to bogus log-in pages that are convincing replicas of legitimate websites.

Microsoft, Google, and Yahoo! stressed that hackers did not breach their databases, but rather email users were conned into revealing information.

"Phishing is an industry-wide problem... exercise extreme caution when opening unsolicited attachments and links from both known and unknown sources, and install and regularly update anti-virus software," Microsoft said.

Google advises Gmail users not to "click through" warnings that browsers may raise about certificates, and not to sign in at Web addresses that don't start with google.com/accounts.

Web-based email users who suspect their accounts have been compromised should change passwords and check to make certain any secondary email or texting options in accounts have not been changed.

"We encourage users to be very careful when asked to share their personal information," Google said.

The email service providers urged people to visit pages at their websites with advice and tools for protecting accounts.

