Hacker Scams Woman Using Victim’s Yahoo E-mail
A woman named Andi Holland, resident of Enid Oklahoma (USA) and Cherokee Strip Regional Heritage Center's executive director, realized that a phishing scam had victimized her when she began receiving calls from friends and acquaintances enquiring about her well-being because they had got e-mails that said - she was in trouble being stranded in UK and therefore in need of money.
A number of people got an e-mail from the Yahoo e-mail account of Holland, saying that she had been robbed of all her belongings including money and cell-phone in a Manchester (UK) hotel. Now she urgently required her friends to wire money so that she could clear her hotel expenses and return home.
But when Holland tried to send e-mails to everyone informing them that she was okay, the e-mails wouldn't go and soon she realized that she was prevented from using her own Yahoo account.
A person named Sean Byrne who is United Way's executive director in Northwest Oklahoma and who received the fake e-mail said that message probably got distributed to all the ids on Holland's contact list.
Byrne further said that after carefully going through the text, it was evident that Holland didn't write the message as the word usage, grammar and punctuation in it was different from what the US people normally used. Nevertheless, it did stir doubt momentarily, he said.
It is not only Holland who has been scammed this way. Microsoft.com states that social engineering can be of three types with which criminals attempt at reaching users' PCs. Moreover, this tactic is essentially used to plant malicious code or spyware on victims' system or to deceive users in a way that they divulge their passwords, financial or other private information. These different social engineering types are e-mail hoaxes, phishing and spear phishing.
Apparently, in the case of Holland, the attacker seemed to hack through spear phishing, dispatching an e-mail which looked authentic to each of her contacts. Moreover, Microsoft advised that users should never view any attachment arriving through a dubious e-mail for it could have a virus capable of damaging their computers.
Related article: Hacker & Virus in MySpace
» SPAMfighter News - 13-08-2009