Hijacked Webmail Accounts Used to Promote Dodgy E-Commerce Sites
Tens of thousands of compromised Gmail, Hotmail and Yahoo Webmail accounts are being used to gin up traffic for dodgy, bargain-basement electronics vendors online that only accept bank transfers and Western Union payments, security experts warn.
Over the weekend, the credentials for at least ten thousand Microsoft Hotmail accounts were briefly posted online. Microsoft acknowledged the incident on Monday, saying the accounts were stolen as part of a phishing scam. Since then, other news outlets have reported that large caches of Yahoo and Gmail account credentials also were found online.
According to an analysis by security vendor Websense, attackers used the hijacked accounts to spam each victim's e-mail contacts, sending messages that tout several online electronics stores. Websense says the stores promoted in the spam e-mails are all fakes set up to steal your money, and that it traced one such sales pitch back to this scam.
I wrote about a similar attack back in April (see Spam From Hijacked Webmail Accounts) after a number of readers (including a family member) complained of having their Webmail accounts hijacked and used to send this type of spam. In that attack, the perpetrators also added their sales pitch to the victim's e-mail signature, ensuring that their spam lived on even after the victim changed his or her password.
The Web site named in that sales pitch -- Koreadeal.com -- features page after page of listings for electronics, some at unbelievable prices (please avoid visiting the site, as a cursory scan indicates it may harbor malicious content). However, if you put any of these items in your cart and try to check out, you'll soon find out that the only way to pay for them is by transferring the money through a bank or Western Union. Both the Better Business Bureau and the Federal Trade Commission have urged consumers to avoid paying for online purchases via these methods -- which are essentially cash-based and nearly impossible to reverse.
McAfee's Web reputation service SiteAdvisor.com has absolutely nothing nice to say about Koreadeal.com, a reputation the site earned in a short time frame: Koreadeal.com's registration records indicate the site has only been online for about a month.
An e-mail sent to koreadeal.com was not returned, but I managed to get a brief response from someone at Koreadeal.com via the customer support live chat feature built into the site. I asked why the company does not accept credit card payments.
"In the past, some people cheat us. So now we don [sic] not use credit card anymore," the user "Koreade" replied. When I asked whether the company was aware its site was being promoted through hijacked Webmail accounts, the person I was chatting with stopped answering my questions.
October 7, 2009; 3:20 PM ET