A few days ago I received a spammy email that appeared to be from someone I’ve known for a long time. I was pretty sure that it wasn’t from him and that it was maybe a coincidence, since he has a common name; that is, until I looked at the email address the message was sent from: it was his Hotmail address. I also found this same message in another of my email accounts.

I contacted him about the messages and he had no idea how they were being sent. Looking at the email headers, one can see that the email was not spoofed, as it actually originated on the Hotmail service. The headers also show that the originating IP address is in Asia. Someone (or an automated process on a server) in Asia logged into my friend’s Hotmail account and sent emails to his contacts and who knows who else.
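
The kind of header check described above can be sketched in Python; this is an added example, not part of the original post. It assumes a receiving server named mx.example.net that writes Postfix-style Received and Authentication-Results headers, and every host name and IP address in the sample is a constructed placeholder.

```python
import ipaddress
import re
from email import message_from_string
from email.utils import parseaddr

TRUSTED_MX = "mx.example.net"  # assumption: our own receiving server, whose headers we trust

def sample(relay, relay_ip, spf):
    """Constructed headers in a Postfix-style layout; hosts and IPs are placeholders."""
    return (
        f"Received: from {relay} ({relay} [{relay_ip}])\n"
        f"\tby {TRUSTED_MX} with ESMTP id 4F2A1; Thu, 10 Dec 2009 08:15:02 -0800\n"
        f"Authentication-Results: {TRUSTED_MX}; spf={spf} smtp.mailfrom=friend@hotmail.com\n"
        "X-Originating-IP: [203.0.113.45]\n"
        "From: Friend <friend@hotmail.com>\n"
        "Subject: hello\n\nbody\n"
    )

def analyze(raw):
    msg = message_from_string(raw)
    domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()

    # Only the hop recorded by our own server is trustworthy; any Received
    # line the sender supplied below it can be forged.
    relay = None
    for rcvd in msg.get_all("Received", []):
        flat = " ".join(rcvd.split())  # undo header folding
        m = re.search(r"from \S+ \((\S+) \[[0-9A-Fa-f.:]+\]\) by (\S+)", flat)
        if m and m.group(2).lower() == TRUSTED_MX:
            relay = m.group(1).lower()  # name our server recorded for the peer
            break

    spf = None
    for ar in msg.get_all("Authentication-Results", []):
        server, _, results = ar.partition(";")
        if server.strip().lower() == TRUSTED_MX:
            m = re.search(r"\bspf=(\w+)", results)
            spf = m.group(1).lower() if m else None
            break

    on_provider = bool(relay) and bool(domain) and (
        relay == domain or relay.endswith("." + domain))
    sent_via_provider = on_provider and spf == "pass"

    # X-Originating-IP is only meaningful when the provider itself added it.
    client_ip = None
    if sent_via_provider:
        try:
            client_ip = str(ipaddress.ip_address(msg.get("X-Originating-IP", "").strip(" []")))
        except ValueError:
            pass
    return {"from_domain": domain, "relay": relay, "spf": spf,
            "sent_via_provider": sent_via_provider, "client_ip": client_ip}
```

When `sent_via_provider` is true and `client_ip` is somewhere the account owner has never been, the message points to a compromised account rather than a forged From line.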

What Probably Happened
In October, it was reported that the passwords of tens of thousands of users of the Windows Live Hotmail email service were leaked online. Microsoft confirmed that these passwords were obtained as a result of a phishing scheme. If this is the case, any email service could be a target of such attacks. In addition to sites that might pretend to be related to Hotmail to get a user to enter their login credentials, there are an unlimited number of seemingly innocuous websites, many times social networking sites, that ask for email credentials in order to see if the user’s friends are already using their service. In fact, services like Twitter, MySpace, Facebook, and LinkedIn have done this very thing to get more users on their sites. Another factor is trojans that hide on a user’s computer with the sole purpose of stealing passwords.
Spam Isn’t the Real Issue
What many people fail to realize is that when you give away the password to your email account you are essentially giving away the keys to the kingdom. Many users have financial and other personal information stored in their email accounts. New websites pop up every day and there is no way to know how reputable those sites are. Even when the company is reputable, what happens to the data it has collected if it folds?
You Have to Protect Your Data
The weakest link in information security is always the users themselves. Users have to be more vigilant in protecting their information. There is only so much service providers can do if users give out their passwords themselves.
To resolve my friend’s immediate problem, I recommended that he change his Hotmail password and scan his computer for trojans. The real solution, however, is to prevent disclosure of his password – accidental or otherwise. It is also a good idea to change the password periodically.
wardell latham
December 13th, 2009 at 8:47 am
Great post, I think your keys to the kingdom comment was right on the money. In addition to a good virus and malware scanner, it would probably be beneficial for users to install browser software like Web of Trust to help identify malicious web sites.
Kenya
December 13th, 2009 at 12:37 pm
That's a good idea as well. I used to use McAfee SiteAdvisor. The problem though is that many times social networks pop up overnight and they have not yet been rated. My wish is that people would pay more attention and not trust everything on the internet.
Thanks for tweeting this post BTW!
wardell latham
December 13th, 2009 at 1:47 pm
Great post, I think your keys to the kingdom comment was right on the money, your email account is like the hub of all of your other online accounts and activity. In addition to a good virus and malware scanner, it would probably be beneficial for users to install browser software like Web of Trust to help identify malicious web sites.