New Email Scams Stealthier Than Ever: Report

Dennis Faas's picture

An online security firm says hackers are putting renewed efforts into breaching web email accounts. The tactics are based on getting hold of web email login details rather than spreading malicious software to PCs straight away.

Trend Micro reports that while attacks on Google's Gmail have been making headlines, thanks largely to high-profile breaches in China and an ongoing war of words between that country's government and Google, both Yahoo Mail and Hotmail have also been under attack.

Online Scammers Look to Double Their Options

There appear to be two main tactics in the web email login attacks.

The first is based on phishing, which involves tricking the user into disclosing user names and passwords; for example, by luring them to a bogus website that appears to be a legitimate log-in page for an email service.

A second tactic involves exploiting flaws in the way such services use the MHTML protocol. That's a special format that allows a user to save an entire webpage complete with all its images, media files and other content into a single file.

By exploiting the flaw, the hackers are sometimes able to get access to an account simply by having the user open a message containing a bogus link, even without clicking on it.

By combining both tactics, scammers can not only automatically get copies of the user's new messages, but can send messages themselves that appear to be from the user, thus making it easier to trick their friends, family and other contacts into revealing personal data.

Forewarned Is Forearmed When Payload Drops

Another element to the scam involves taking advantage of the way webmail accounts work to discover what software is installed on the user's machine, including antivirus software.

If and when the scammers decide to spread malware to their victims, it's a much easier task when they know what defenses are in place. The good news is that in Yahoo's case, exploiting this loophole has proven mostly unsuccessful.

According to security researchers, it may be worth checking webmail settings at regular intervals to see if any unexpected addresses are listed for forwarding purposes.
