Why Your Email Password is Important

Daniel Liu
You might not think that protecting your email account is particularly important, but getting access to even one genuine email address can create a major opportunity for criminals, as one of my mate's relatives discovered.

Recently one of my close mates told me about a two-part scam that had been inflicted on a relative of his, who used Hotmail for his email access. Firstly, he received what appeared to be an official-looking email from Hotmail, saying that the details of his account needed to be reconfirmed or else it would be closed within 24 hours. The email included a link to a form requesting that basic details, including passwords and telephone numbers, be confirmed.

Many computer-savvy people, like my mate and myself, recognise that such scam attempts to gain access to passwords are common - but unfortunately, in my mate's relative's case, it was successful.

Having gained access to the account, the scammers then sent the following email to everyone in the man's address book:

How are you doing? Sorry I didn't inform you about my traveling to London for a program, I'm presently in London and am having some little difficulties here because i misplaced my wallet on my way to the hotel where my money,and other valuable things were kept.I will like you to assist me with a soft loan urgently with the sum of (88GBP) to sort-out my hotel bills and to get me back home. I will appreciate whatever you can afford to assist me with, I'll Refund the money back to you as soon as i return, let me know if you can be of any help?

There are several elements in this message that might raise the suspicion of a recipient, including the awkward phrasing and the unlikely scenario of someone travelling to London (a major journey from Australia - where my mate received the email) without letting anyone know.

Nonetheless, if even just one or two friends or relatives responded, it could represent a major windfall. Fortunately, that didn't happen in this case, but it demonstrates the importance of keeping an email account protected. (Even though this scam hasn't worked, the email contacts stored with Hotmail would remain available to the scammers.)

It also demonstrates the importance of treating email queries with a suitable degree of suspicion. Put another way, anyone receiving an unexpected request for money like this should verify the situation with the person concerned by phone or SMS. They may need to be warned. Do not reply by email, as the message will only go to the scammers.

What happens when a security company gets hacked?

Dramatic proof that absolutely no-one is immune to cyber-attacks emerged in February when the Web site of anti-virus software developer Kaspersky Lab was compromised by hackers.

After reports on a Romanian blog boasted that the US support site for Kaspersky had been attacked by hackers associated with the blog, the company confirmed the attack in a terse statement on February 7th. "Several attackers with IP addresses from Romanian ISPs launched an SQL injection attack on a subsection of the site," it said. SQL injection attacks are typically used against Web sites, such as support pages, that draw much of their content from databases. The attacker slips extra code into the database queries behind the page, which may not change its appearance, but can make it easier to install unwanted malware on the computers of people who visit the site.
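To make the mechanism concrete, here is an added example (not Kaspersky's code and not a reconstruction of the actual incident) of a support-page lookup that builds its query by string concatenation, beside the parameterised form that prevents injection. The table, the sample rows and the function names are all hypothetical and constructed for illustration.

```python
import sqlite3


def make_db():
    """Build an in-memory support-site database (constructed sample data)."""
    db = sqlite3.connect(":memory:")
    db.execute(
        "CREATE TABLE articles (id INTEGER PRIMARY KEY, title TEXT, published INTEGER)"
    )
    db.executemany(
        "INSERT INTO articles (id, title, published) VALUES (?, ?, ?)",
        [
            (1, "Installing the product", 1),
            (2, "Renewing a licence", 1),
            (3, "Internal draft: staff only", 0),  # must never reach visitors
        ],
    )
    return db


def lookup_vulnerable(db, article_id):
    """Weak form: the request parameter is pasted into the SQL text itself."""
    sql = (
        "SELECT title FROM articles WHERE published = 1 AND id = "
        + article_id
        + " ORDER BY id"
    )
    return [row[0] for row in db.execute(sql)]


def lookup_hardened(db, article_id):
    """Fixed form: the parameter is bound as data and cannot become SQL syntax."""
    sql = "SELECT title FROM articles WHERE published = 1 AND id = ? ORDER BY id"
    return [row[0] for row in db.execute(sql, (article_id,))]


if __name__ == "__main__":
    db = make_db()
    crafted = "1 OR 1=1"  # constructed input: changes the query's logic when concatenated
    print("normal request    :", lookup_vulnerable(db, "1"))
    print("crafted, weak     :", lookup_vulnerable(db, crafted))
    print("crafted, hardened :", lookup_hardened(db, crafted))
```

In the weak form the crafted value rewrites the WHERE clause, so the unpublished row is returned along with the public ones; in the hardened form the same value is compared as a plain string and matches nothing.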

Kaspersky removed the site after being notified of the problem, and said that no personal data had been compromised. "A thorough analysis conducted by Kaspersky Lab's Web security experts immediately following the attack revealed that although the attack had penetrated the support site, no sensitive data was compromised. No activation codes or personal data were leaked as a result of the attack."

Kaspersky also emphasised that since its core expertise was in protecting individual PCs, rather than corporate sites, the effectiveness of its own products was not in question. However, the attack demonstrates yet again that attacks on sites remain one of the favourite tactics for criminals looking to spread malware and cause online chaos.

Of course, part of the reason for attacking a security company was to gain maximum publicity. In a report commissioned by Kaspersky on the incident, security consultant David Litchfield noted: "Kaspersky was deliberately targeted. The attacker, based in Romania, used Google to search for Web servers owned by Kaspersky running applications that may be vulnerable to SQL injection."

Experts have often speculated that as Web sites become more crucial to corporations, criminals will attack those sites and essentially hold them to 'cyber-ransom', though there aren't many documented cases of this. Of course, a company that had agreed to pay a ransom might not want that information made public either.

Resource:
http://www.kaspersky.com/
