Symantec Warns: Your Personal Email Account Could be Hacked

09 Aug

Symantec, a global leader in providing security, storage and systems management solutions, has released its monthly State of Spam report for July 2008 (see attached). The following are a few highlights of the latest trends in the report:

Olympics Related Lottery Scam Emerges
Symantec observed message scams claiming to originate from the Beijing Olympic Committee. The fraudulent messages purport to declare the winners of the lottery for an Olympic promotion. The message body had a small note informing the recipient about the mail and instructed them to open the attachment for further details.

The attachment informed the recipient that she won a lottery from randomly selected email addresses. In order to claim the prize, the user had to contact the courier company below via email. Personal information was also requested. As the lead up to the Summer Olympics in Beijing continues, it is expected that more fraud and spam messages exploiting immense public interest in the event will emerge.
Future Watch: Spammer Techniques
As antispam filters continue to become more sophisticated, spammers techniques are evolving. However, some spammers return to techniques they have deployed in the past. One technique they have used, and continue to use, is sending bogus news headlines as subject lines for their spam emails to try and entice recipients to open the message.

By opening these messages, the user is invariably presented with a link directing them to a spam offer. Using eye catching and often absurd subject lines is a quick ploy by spammers to catch the recipient’s attention and play on their curiosity. However, it is also salient to note that by educating themselves and exercising common sense, users can continue to utilize the Internet’s vast resources to their benefit, which was its original intended purpose.

Hacking Personal Emails
At first glance, the email above looks like a typical 419* scam. However, the twist is that the email came from a victim’s hacked webmail account and was sent to his personal list of contacts. Friends and colleagues received the request for assistance and were urged to respond via email only. As the hacker took over the user’s account, the real owner would not have known about the email if the recipients fell for the scam. As a further stamp of authentication, the auto-signature typically used by the account owner was included at the end of the message.

As a result, the account owner was quickly notified by a friend via telephone of the scam, and immediately contacted the webmail service providers to get his account access back. This proved to be difficult because the hacker had changed the account details. The scam did not stop there – once the hacker had access to the email account, he was able to get access to the account owner’s auction site password, and began bidding on a number of laptops being sold in the UK with instructions that the laptops be sent to Nigeria. It is important to note that this scam was not isolated to one particular web mail provider or organization.

Leave a comment

Posted by on August 9, 2008 in Symantec


Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

%d bloggers like this: