Massive E-Mail Phishing Attack Hits Web
In a situation that may still be developing, major phishing exploits have hit webmail services over the past few days, including Gmail, Hotmail, Yahoo, AOL Mail, and others. As usual with mass phishing attacks — which aim to trick people into surrendering personal details about their online identities — it’s unclear what group or groups are behind the initiatives.
The one thing that is certain is the attacks are big.
“This is on a scale that is incredibly rare,” said Mike Halsey, who runs The Long Climb, a PC support site in the U.K. “I don’t think it’s ever happened to this extent before, at least that I’m aware of.”
The situation is unfolding rapidly. Halsey said a couple of days ago the site www.neowin.net reported that PasteBin.com had posted personal details of about 20,000 users of Microsoft’s Hotmail, MSN and Windows Live services. Then on Tuesday, details about an additional 20,000 subscribers to Gmail, Yahoo, AOL Mail, Verizon and others were posted at the same site. The posts are now off-line.
It’s possible the criminals have details on many more users that they haven’t disclosed.
Details are sketchy, and there is no certainty that the problems are over. Sean-Paul Correll, a threat researcher with Panda Security, said he didn’t see any of the data from the attacks. But he noted that phishing attacks are often precursors to other initiatives.
“It is fairly common that this would be the first stage of a larger attack. They use these e-mail addresses for something else,” he said. Correll added that identifying what group or groups are responsible depends upon seeing more of the infrastructure — such as the scripts they are using — than just e-mail addresses. He wasn’t sure what information might be available to researchers.
Related posts:
