Web Experts: Hotmail Phishing Scam is Spreading

[JMcEntegart]

Web experts say that the huge phishing scam that saw the details of thousands of Hotmail users posted online is still spreading.

Web Experts: Hotmail Phishing Scam is Spreading : Read more

 

[spazebar]

Bet the key logging software is related to all thet fake Antivirus Malware BS that all the idiots get these days?

 

[dan101rayzor]

How do these people get these passwords? Does the victim have to open a spam email to get their pasword stolen?

 

[dan101rayzor]

[citation][nom]excalibur1814[/nom]The title states Hotmail... then the paragraph informs that it's also the others. Could Toms PLEASE change the title.[/citation]

Thats because it started with hotmail. Then the rest got affected.

 

[jobz000]

Yeah, talk about a misleading title.

 

[t3nchi]

Don't just change your password but make sure your alternate email and secret question is changed. Make sure the hackers didn't post a different alternate email or phone number for txting (which they did in my gmail, good thing I checked after recovering my account). Once I recovered my accounts, I noticed an attempt to request a "forgotten password" soon after but it was forwarded to my real alternate email, not their's.

 

[JasonAkkerman]

BBC reader Peter Griffin says that he's still experiencing problems with his compromised Hotmail account even though he's changed the password.

Just like that one time with Luke Perry was caught hacking into his bank account.

/cut to flashback

 

[hellwig]

I would think, with its lack of POP and IMAP, that Yahoo mail would be mostly unaffected. There's no way its efficient or worthwhile to manually log into someone's Yahoo account to send spam emails. I suppose you could have an intelligent script navigate the yahoo web interface, but still, why not just go after Google and send millions of emails through POP or IMAP?

 

[gamerjames]

[citation][nom]spazebar[/nom]Bet the key logging software is related to all thet fake Antivirus Malware BS that all the idiots get these days?[/citation]

Probably, I just had one of those fake AV's and my mom kept telling me to just pay so that it would go away and stop lagging my computer. I told her i knew it was fake, used MalwareBytes, got it off, and saved my moms credit card. Lol.

But yeah, I can see how people would fall for those, as my mom would have.

 

[Supertrek32]

[citation][nom]spazebar[/nom]Bet the key logging software is related to all thet fake Antivirus Malware BS that all the idiots get these days?[/citation]
Oh! A popup! What? It's telling me it scanned my computer and I have a virus! It must be true. It's on the internet! Sure anyone can make a site at any time, but why would they lie to me? They just want to sell me their nice product!

 

[crazymech]

BBC reader Peter Griffin says that he's still experiencing problems

Honestly, it's Peter Griffin, I'd be more worried if he wasn't experiencing some sort of problems.

 

[virtualban]

[citation][nom]supertrek32[/nom]Oh! A popup! What? It's telling me it scanned my computer and I have a virus! It must be true. It's on the internet! Sure anyone can make a site at any time, but why would they lie to me? They just want to sell me their nice product![/citation]
Those described here remind me of the fake Msn Messenger popups that appear on some webpages. Well, my taskbar is not on that side, AND I don't use messenger, but a very clever idea. Users click and more popups to come.

 

[virtualban]

[citation][nom]virtualban[/nom]Those described here remind me of the fake Msn Messenger popups that appear on some webpages. Well, my taskbar is not on that side, AND I don't use messenger, but a very clever idea. Users click and more popups to come.[/citation]
Oh, I forgot. Users pay, and many many more popups to come, maybe not straight away.

 

[Guest]

"BBC reader Peter Griffin says that he's still experiencing problems with his compromised Hotmail account even though he's changed the password."

Maybe it's the work of his evil twin brother Thaddeus Griffin. "Nyah!"

 

[dextermat]

I guess im an expert too to know that phishing scams are on the rise ok so where my money for that

 

[wildwell]

So what's the next step for affected email users if changing their login password didn't work? Comb their computers for active key-logging software?

 

[rooket]

[citation][nom]spazebar[/nom]Bet the key logging software is related to all thet fake Antivirus Malware BS that all the idiots get these days?[/citation]

kaspersky?

 

[webbwbb]

Have you changed your passwords yet?

I don't install random software into my computer or click on every ad banner that I see so I don't need to worry about that.

 

[seatrotter]

I don't install random software into my computer or click on every ad banner that I see so I don't need to worry about that.
...and then you realize that the article you're reading (minutes later) is about a peripherals/device manufacturer that had their website infected, along with the software/drivers for download, that took more than week before it was noticed.

...and then you realize that you had just installed a software/driver recently downloaded from their website.

...and then you realize that you have no AV (or have one, but the malware has an "awesome" polymorphic engine, easily defeating detection).

Bummer

Haven't yet happened to me, but that'll definitely suck

 

[nekatreven]

[citation][nom]bogcotton[/nom]I don't know much (anything) about the mechanics of online email services, but if the scammers used a machine to log on to all of the accounts simultaneously and not log out, would the user changing the password make any difference to the already logged in browser?[/citation]

It depends on the provider, and whether the user had selected "keep me logged in" in their preferences. Still, several of the providers would catch the logins and activity coming from two places (the real user, and then the bot) and they might flag that and reset the session. That would probably put the new password into affect, blocking the bot. Also, last I checked, Yahoo's online webmail had a maximum of two weeks it would "remember" you before you had to log in again, at which point the session would reset. Even then, usually the remember feature comes from a cookie on the user's computer that the bot would not have access to (in a simple phishing scheme).

So to answer your question: If the changed password did not immediately block the bot, it would before too long. The bigger question though is still whether this was a phishing attack and the user was tricked into giving ONE password, or a key-logging attack that will CONTINUE to report on the new passwords.

 

[smokinu]

It will spread until people stop clicking random crap, think before they click, check who an email comes from prior to opening it, STOP Sending me those damn chain mails. Oh stop filling my gmail with girls who like goats and weird crap like that.