iEntry 10th Anniversary RSS Newsletter Advertising
WebProNews Alerts:
Visit Twellow.com
SearchSocial MediaTechnologyMarketingEmail MarketingGoogleFacebookTwitterBingYahooAmazonYouTube Tags
Text: Decrease Font Size Increase Font Size | Print Print Article | Share: Delicious Digg StumbleUpon Post to Twitter Post to Facebook
CommentThursday, October 8, 2009

Email Attacks Put Other Types of Accounts in Jeopardy

Many Sites Use Email Addresses for Log-in Purposes
By Chris Crum

You've probably seen reports of big webmail phishing attacks over the week. A spokesperson for Symantec's Message Labs tells WebProNews, however, that most reports have glossed over a key point to consider. That is that the potential impact on other aspects of victims' online lives are in jeopardy as well.

"The bad guys have more than just access to users' email accounts," says the spokesperson. "They have access to a host of other online services the victims use."

Paul Wood, MessageLabs Intelligence Senior Analyst says, "A user's unique email address is often used to authenticate a number of web sites, including social networking sites and Instant Messaging on a public Instant Messaging (IM) network. If your email address has been compromised, not only should you change the password there, you should also change it on any other site that uses that email address as a log in ID."

If a cybercriminal had the email account information and wanted to take over a related social networking account, all they would have to do is try the password reminder links from the login pages. Then they could use the victim's email to spam, but they could also gain access to other personal information, not to mention use your account to spam social networks as well.

Facebook - Forgot Password

MessageLabs says it has tracked a number of phishing attacks using Instant Messaging, where bad guys would collect real IM user account info and passwords, only to use them to send spam to everyone on the person's buddy list. This is another possible result. "An invitation to view a funny video or embarrassing pictures by clicking on a link in an IM was the bait and the landing site would then ask the victim to log in with their IM user name and password," the spokesperson says. "For public IM networks, the user name is often the same as the web-based email account."

In other phishing-related news, the FBI has charged nearly 100 people in the United States and Egypt as part of Operation Phish Phry," one of the largest cyber fraud phishing investigations ever. WebProNews has more details on that here.

  • Delicious
  • Digg
  • StumbleUpon
  • Reddit
  • Furl
  • Facebook
  • Google
  • Yahoo
  • Twitter
News Tags: Social Media, passwords, social networks, Phishing, threats, Email, Spam, Security, webmail
About the author:
Chris Crum has been a part of the WebProNews team and the iEntry Network of B2B Publications since 2003. Twitter: @CCrum237

Publish A Comment

The content of this field is kept private and will not be shown publicly.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Allowed HTML tags: <a> <em> <strong> <cite> <code> <ul> <ol> <li> <dl> <dt> <dd>
  • Lines and paragraphs break automatically.
CAPTCHA
This question is for testing whether you are a human visitor and to prevent automated spam submissions.
7 + 11 =
Solve this simple math problem and enter the result. E.g. for 1+3, enter 4.
SEARCH
Popular WPN Business Resources
WebProNews Video Blog View All Videos












Subscribe to WebProNews


Send me relevant info


WebProNews Videos | Advertise | About Us | Newsletter | Archive | News Feeds | Terms & Conditions | Login

WebProNews is an iEntry Network ® publication - © 1998-2009 All Rights Reserved