Hotmail Phishing Scam Also Targets Gmail, Yahoo Mail

It seems as if the massive phishing campaign reported yesterday was not specific to Hotmail.com as was initially believed. According to a report by the BBC, many Gmail and Yahoo Mail accounts have also been compromised. (Source: computerworld.com)

While the source of the latest attacks has not been determined, many are pointing to the same bug that claimed at least 10,000 passwords from Microsoft Windows Live Hotmail.

Microsoft, Google Prompt Password Reset

Microsoft has done their part in blocking all known hijacked Hotmail accounts and created tools to help users who had lost control of their email. The company posted an online form where those locked out of their accounts can reclaim control of their system and verify their identity. There is also a Microsoft support page available where users can go to learn about the steps needed following an attack.

On their end, Google responded to the attacks by forcing "password resets on additional accounts when becoming aware of [the attacks]." (Source: networkworld.com)

Compromised Account Figure Balloons to 20,000

Neowin.net first reported the Hotmail account hijackings on Monday. According to the site, there is a list circulating that is believed to contain the legitimate log-in information of over 20,000 accounts. Neowin also reported that in addition to Google and Yahoo, popular web mail services Comcast and EarthLink have also been affected.

Attacks May Have Span Several Months Prior

Dave Jevans, the chairman of the Anti-Phishing Working Group (APWG), weighed in on the issue, claiming that the total number of hijacked accounts could be deceiving. While the total number of compromised accounts may be accurate, they were not harvested during one single attack. Rather, Jevans believes that the usernames and passwords were taken over a period of several months. (Source: computerworld.com)

The news of such a powerful phishing attack comes as a surprise to many insiders, since earlier this year the number of attacks recorded had actually decreased. The phishing practice experienced a resurgence during the summer months, when the number of unique phishing-oriented websites had spiked to 50,000 in June.

This is the second-highest total since the industry started holding records.