Email Attacks Put Other Types of Accounts in Jeopardy

Many Sites Use Email Addresses for Log-in Purposes

Get the WebProNews Newsletter:

[ Business]

You’ve probably seen reports of big webmail phishing attacks over the week. A spokesperson for Symantec‘s Message Labs tells WebProNews, however, that most reports have glossed over a key point to consider. That is that the potential impact on other aspects of victims’ online lives are in jeopardy as well.

"The bad guys have more than just access to users’ email accounts," says the spokesperson. "They have access to a host of other online services the victims use."

Paul Wood, MessageLabs Intelligence Senior Analyst says, "A user’s unique email address is often used to authenticate a number of web sites, including social networking sites and Instant Messaging on a public Instant Messaging (IM) network. If your email address has been compromised, not only should you change the password there, you should also change it on any other site that uses that email address as a log in ID."

If a cybercriminal had the email account information and wanted to take over a related social networking account, all they would have to do is try the password reminder links from the login pages. Then they could use the victim’s email to spam, but they could also gain access to other personal information, not to mention use your account to spam social networks as well.

Facebook - Forgot Password

MessageLabs says it has tracked a number of phishing attacks using Instant Messaging, where bad guys would collect real IM user account info and passwords, only to use them to send spam to everyone on the person’s buddy list. This is another possible result. "An invitation to view a funny video or embarrassing pictures by clicking on a link in an IM was the bait and the landing site would then ask the victim to log in with their IM user name and password," the spokesperson says. "For public IM networks, the user name is often the same as the web-based email account."

In other phishing-related news, the FBI has charged nearly 100 people in the United States and Egypt as part of Operation Phish Phry," one of the largest cyber fraud phishing investigations ever. WebProNews has more details on that here.

Email Attacks Put Other Types of Accounts in Jeopardy
Comments Off on Email Attacks Put Other Types of Accounts in Jeopardy
Top Rated White Papers and Resources

Comments are closed.

  • Join for Access to Our Exclusive Web Tools
  • Sidebar Top
  • Sidebar Middle
  • Sign Up For The Free Newsletter
  • Sidebar Bottom