At first glance, the email looks like a typical 419 scam. The twist is that it was sent from a user's hijacked webmail account to his own list of contacts. Friends and colleagues received the request for assistance and were urged to respond by email only. Because the hacker controlled the account, the real owner would not have seen the message or any replies if the recipients had fallen for the scam. As a further mark of authenticity, the auto-signature the account owner normally used was appended to the message. Nevertheless, a friend quickly telephoned the account owner about the scam, and the owner immediately contacted the webmail service provider to regain access to the account. This proved difficult because the hacker had already changed the account details, including the password, the contact address and the secret question.
The scam did not stop there. Once the hacker had access to the email account, he was able to have the account owner's online auction site password emailed to that same account, since the mailbox served as the recovery channel for it. The hacker then began bidding on a number of laptops being sold in the UK and instructed that they be shipped to Nigeria.
It is important to note that this scam was not isolated to one particular webmail provider or organization. It also serves as a timely reminder that users should keep passwords secure and never share them with anyone, and that a compromised mailbox exposes every other account whose password can be reset through it. Users should likewise be wary of "account expiry" notifications that try to entice them into unwittingly handing their account details to a third party.
Source: Symantec’s “The State of Spam A Monthly Report – July 2008”.