E-mail Scammers Focus on Webmail Accounts

According to security researchers, spammers are infiltrating users' Webmail accounts and using them to dispatch e-mails to each of the persons on the victim's address book. The e-mails usually advertise websites like electronic business sites alternatively make a direct request for money.

Explain the researchers that Webmail is an e-mail facility that is used through an Internet browser as opposed to a normal e-mail client.

Evidently, the 'Webmail account' hacking dishonorably manipulates a long standing scam. Miscreants down the years have relied on stolen e-mail ids from where they have been spamming mails so that the e-mails appeared authentic. However, with anti-spam solutions constantly improving in preventing such hoax e-mails, the conmen are currently compromising actual accounts to send their malicious e-mails.

Former Certified Public Accountant Maureen Arnold in Apache Junction, Arizona (USA) recently became a target of this kind of attack. One day as she checked her MSN mail, she saw several alert messages related to undelivered e-mails dispatched from her Webmail account which she never wrote.

To Arnold's surprise, the spam mail advertising a website that sold electronic items left her mailbox to reach her friends and family. Other attacks similarly requested recipients to remit cash to a specific bank account, with some even erasing the contact list of the hacked accounts later.

Meanwhile, the attacks highlight a frequently ignored truth that hackers chiefly target Webmail accounts due to the high value attached to them. A newly published report from the APWG (Anti-Phishing Working Group) states that the typical kinds of logins that keylogger malware steal are for e-commerce websites, financial sites as well as Webmail. Along with compromising a user's e-mail account for the dispatch of messages, miscreants could frequently harvest information with which they could break into the financial account(s) of a victim.

Moreover, experts apprehend that as cloud-computing increases along with a want to go online anytime, any place, Gmail as also other Webmail users could be exposed to a "man-in-the-middle" attack, which requires the capturing as also swindling of real cookies related to session browsing, while the intruder could be provided with complete access to an account.

Related article: E-Crime Reporting Format To Be Launched in July

» SPAMfighter News - 7/4/2009