Phishers expose email account information

Posted by Caitlin on October 7th, 2009

A massive phishing scam resulted in the exposure of tens of thousands of email addresses and passwords. One list, containing 10,000 Hotmail, MSN, and Live.com addresses and passwords, was posted online at PasteBin, a website commonly used by developers to share code. A second list soon emerged, containing 20,000 email addresses and passwords from a number of different service providers, including Hotmail, Yahoo, AOL, Gmail, Comcast, and Earthlink. Google later discovered a third list, but has not disclosed the number of exposed accounts. Google has forced password resets on the affected Gmail accounts, and several other email providers have released statements encouraging users to be cautious when opening links and attachments from unknown sources, to regularly update their Internet security software, and to change their passwords often.

An analysis of the first list of 10,000 email addresses and passwords revealed that the most commonly used password was "123456," which was used 64 times. 42% of the passwords on the list consist entirely of lowercase letters, and 19% contained only numbers. The average password length was eight characters, and nearly 20% were only six characters long. Only 6% of the passwords used a combination of upper and lowercase letters and numbers.

Clearly, Internet users need to be more educated about phishing scams and secure passwords. A phishing scam involves an email may appear to be from a trusted institution, such as a bank or popular social networking site. The email prompts the recipient to follow a link to a fake version of a familiar website, where, if all goes to plan, the victim will be conned into revealing data such as bank account information or a username and password. Often, there are inconsistencies in the email or website that reveal the scam, but as phishing scams become increasingly sophisticated, it is more difficult to recognize the tricks. One way to avoid these scams is to pay close attention to the sender's email address and to the URL of the link. If even one character is off, it is likely that you are dealing with a phisher. It's safest to type the correct URL into your web browser's address bar yourself, or to use a link saved in your bookmarks menu, rather than clicking on a link in an email. In addition, you should be alert for any other inconsistencies.

Users should also recognize the importance of secure passwords. Your password should consist of both upper and lowercase letters as well as numbers, and it should not be a single word that can be found in a dictionary. You should change your passwords occasionally, and you should not reuse the same password for multiple websites. If a hacker obtains your Facebook password, which is the same as your email password, and your email account contains an email with banking information, you have made it quite easy for the hacker to steal your identity.

In addition to using common sense and creating secure passwords, you should be sure to install and update Internet security software and consider investing in identity theft protection, which helps prevent and detect the end result of the most nefarious Internet scams.