Email phishing attack spreads to Gmail and Yahoo

[ripper]

Read More

[ceyfer]

read and practice the steps below !

Q: What should people do if they think they have received a phishing e-mail?

A: If you think you may have received a phishing e-mail, you should take three steps: (1) take some time to check up on it and do not click on a link or give out your personal information, (2) make sure you have created a strong password for your account and (3) report the phishing scam.

• The most important thing to remember is do not click on the link or give out your personal information. It is possible for your computer to become infected with malicious software simply by visiting a phishing site – without you even realizing it. If you receive a questionable e-mail, take some time and check up on the information. Often sites like snopes.com list common e-mail scams. Go to that website of the company you received the e-mail from and contact their customer service reps via phone or online to verify the validity of the e-mail.

• Another thing you should do is create a strong password for your e-mail account by using more than 7 characters and having a combination of upper and lower case characters, numbers, and special characters, like the @ or # symbols. It's also a good idea to change your password on a regular basis. The next time you change your Hotmail password, you can check “make my password expire every 72 days” to remind you to change it.

• Finally, help us identify new scams. If you use Hotmail and received a phishing e-mail, you can select the dropdown next to "Junk,” and select "Report phishing scam.” Whatever you do, do not reply back to the sender. You should also report phishing scams to the Anti-Phishing Working Group by e-mailing them at reportphishing@antiphishing.org.

[noaccount]

Gmail is dealing with its share of the stolen accounts by forcing password resets, and a spokesperson at Google said there was no breach in Gmail security. This comes right on the heels of a possibly-related Hotmail-only phishing attack that hit 10,000 accounts earlier this week. To be safe, make sure you use a different password for each service you sign up for (the BBC says 40% of Internet users have the same password for everything), and if you click on a link in your email, make sure you're on a legitimate website before you sign in.

Source

No strange IPs or mails here... but if your life is in google one word of advice: change your password (better safe than sorry).

[kavinraja]

I receive lot of phishing mails in my yahoo, but havent got any such in gmail...

Most of them tend to attract us by promising us a huge amount to be obtained through a reward...

[luffy]

Q: What should people do if they think they have received a phishing e-mail?

A: An email that have $$ in it. And it asks for your name, address and shipping fee to send the money. Don't open it just click on the SPAM. Create a new account also.

[hellnoire]

What I like is that my school also got phished too... we had a lot of idiots, even in IT that fell for it, hook, line, and sinker!

[noaccount]

this is confusing but seems to me this is more than a phishing scam with bbc reporting

seen two lists that detail more than 30,000 names and passwords from e-mail providers

so the risk of having your e-mail account compromised is real and although i didnt track any suspicious ip activity in my accounts i decided to change password as it takes only 5 sec... anyway this issue seems almost forgoten...

[noaccount]

"The FBI and Egyptian authorities have arrested 100 people in what they're calling 'the largest international phishing case ever conducted' as part of a wide-scale investigation called Operation Phish Phry. The criminals used phishing to get access to hundreds of bank accounts, stealing $1.5 million. 'This international phishing ring had a significant impact on two banks and caused huge headaches for hundreds, perhaps thousands of bank customers,' said Acting US Attorney George S. Cardona."

FBI Cracks "Largest Phishing Case Ever"

Come on, people. You’re probably aware of the big Hotmail scandal going on right now, what with some 30,000 account names and passwords having been leaked over the past few days. And now Gmail and Yahoo! e-mail accounts appear to have been compromised. The thing is, these leaks aren’t the result of a software glitch or anything, but the result of successful phishing attacks. I have one question: what the heck is wrong with you people?

Dear friends: Please stop falling for phishing attacks

If you suspect that an unauthorized person has used your Windows Live ID to sign into your Windows Live Hotmail acccount, or any other Windows Live service, please read this article for further help.

What to do if you think your Hotmail account has been stolen

[ceyfer]

Well I found an interesting article from Acutenix

An anonymous user posted usernames and passwords of over 10,000 Windows Live Hotmail accounts to a web site called PasteBin. PasteBin is currently down for maintenance but I managed to get a copy of the list, and quickly generated some statistics from these passwords.

Top 20 most common passwords:

• 123456 - 64
• 123456789 - 18
• alejandra - 11
• 111111 - 10
• alberto - 9
• tequiero - 9
• alejandro - 9
• 12345678 - 9
• 1234567 - 8
• estrella - 7
• iloveyou - 7
• daniel - 7
• 000000 - 7
• roberto - 7
• 654321 - 6
• bonita - 6
• sebastian - 6
• beatriz - 6
• mariposa - 5
• america - 5

Acutenix
Statistics from 10,000 leaked Hotmail passwords

Zeroday
Weak passwords dominate statistics for Hotmail's phishing scheme leak

fault: It was plain human error ( weak password ) and stupidity ( phising link )

[noaccount]

Anatomy of a Hotmail phishing attack (Neowin publishes one of the phishing emails used)