Main Marketing Finance C.Suite
Small Business Centre Mid-Sized Business Centre
Email the Editor Email the Editor   Email a Friend Email a Friend about this article   Print this Page  Print friendly page

Hacked e-mail accounts used in 419 scam "with a twist"

E-mail accounts of unsuspecting users are being infiltrated by hackers who then send "419-type" e-mails to contacts in the address book of the captured account.
7/3/2008 5:00:00 AM By: Joaquim P. Menezes

Hacked e-mail accounts used in 419 scam with a t...

At first blush it seems like a typical 419 (or Nigerian letter) scam – the standard e-mail directing the intended victim to do certain things that supposedly result in a huge payoff to the latter.

But there's one key difference: many such messages are now being sent to the personal contacts list of unsuspecting users whose Web e-mail accounts have been hacked.

Global spam categories over past 30 days

Welcome to the 419 scam with a twist, documented by the July 2008 monthly 'The State of Spam' report put out by security company Cupertino, Calif.-based Symantec Corp.

Symantec's latest report cites an actual case to illustrate the modus operandi.

The user's Web mail account was hacked and the rogue 419 email was sent to his personal contacts.

"Friends and colleagues received the request for assistance and were urged to respond via e-mail only," the Symantec report says. "As the hacker took over the user's account, the real owner would not have known about the e-mail, if recipients fell for the scam."

To make the message appear more authentic, the account owner's auto-signature was appended at the end of the message.

In this particular case, the scam did not end there.

According to the Symantec report, after capturing the e-mail account, the hacker got the owner's online auction site password e-mailed to the account.

"The hacker then began bidding on a number of laptops being sold in the U.K. and instructed that the laptops be sent to Nigeria."

This scam was not isolated to one particular Web mail provider or organization, the report noted.

Bogus "account expiry notifications" are commonly used by cyber crooks to gain e-mail account information and then take over these accounts, the study suggests.

It urges users to be wary of such notifications and not "provide their account details unwittingly to a third party."

The harvest is plentiful

The report also recounts other common ways spammers obtain e-mail addresses, many of which are by now well known, such as:

  • Using spam bots that crawl the Internet looking for e-mail addresses;
  • Bombarding an e-mail server with e-mail addresses and storing those that don't bounce; and,
  • Buying lists from other spammers
share: Twitter Facebook Digg
Sign up for our IT Business Newsletters
Page Navigation 1) Bogus "account expiry notifications" are commonly used by cyber crooks to gain e-mail account information. – Page 1
2) The virus is spread by infected e-mails with sensational subject lines. – Page 2
>> Next Page 
<< Back
Bookmark:  delicious |   Google |   Technorati |   StumbleIt |   Yahoo!

Email a Friend Print This page


blog comments powered by Disqus