A hotmail phishing scam that took over more than 10,000 accounts proved to be problematic as a combination of severe hacking and good spelling made the attack particularly convincing.
Emails arrived seemingly from friends claiming to be in dire need and requiring money transfers. One claimed that the sender had been mugged in South Africa and needed some funds desperately.
A BBC article from back in October say that accounts and passwords had been published in several places online including pastebin.com since October 09, and that the accounts had been open for phishing scammers since then. One source said that hotmail addresses beginning with a or b had been intially targeted. Though Microsoft acknowledged the problem at the time, it seems they have done little to help - or warn - customers.
Graham Cluley, consultant at security firm Sophos, told BBC News the published list may just be a subset of a longer list of compromised accounts. "We still don't know the scale of the problem," he said.
Confused customers were having a hard time getting any help from Microsoft.
An artist friend just got one of these emails. They appear to come from a friend's email address and uses the friend's name in it. Maybe the spelling is ok, but the formatting remains horrible. It also has that weird period at the end of their signature name like many scam emails do lately. Here is what this one looked like (with the friend's email edited out):
ReplyDeleteFrom: [edited out]
Date: July 22, 2010 12:06:21 PM PDT
To: undisclosed-recipients:;
Subject: very urgent message
Hello,
How are you doing?I am sorry I didn't inform you about my traveling to England for a
Seminar/conference.
I need a favor from you as soon as you receive this email, I misplaced my wallet where
money, and other valuable things were kept on the way to my hotel . Can you urgently assist
me with a soft loan of $2,500 US Dollars to help enable me sort-out my hotel bills and get
myself back home. You are the only one I can trust with this, please can this be between us?
You have my word; I will refund you as soon as I return.
I will appreciate whatever you can afford, I'll pay you back as soon as I return I promise,
Let me know if you can assist, to enable me send you the details to use in sending the money
through western union.
david.
I just found out that someone is using my hotmail address to ask for money since I am so called in th UK and need dollars to pay for new air ticket back to South Africa.
ReplyDeletei AM NOT IN THE UK AND I DONT NEED MONEY.!!!!
How do I block my hotmail address
It is andrepre1@hotmail.com
Can someone please let the hotmail people know as I cant get into my address anymore
Thanks
Andre