Use Yahoo! Mail? Secure that password...

My family never really listens to me when I talk about security related topics, but now my sister regrets it. She had a simple password (since has been changed) and I believe they used a dictionary attack to get into the account. Once in they sent an e-mail to everyone in her account for a website. Then they deleted all of her contacts (I was able to get those back). But the real kicker that she couldn't figure out was whenever she would send herself an e-mail it would send the spam e-mail back to her. She got home and I took a look, what they do is setup a out of office reply that contained the spam e-mail. We got everything back and cracking, but just wanted to warn anyone who uses Yahoo!....

Here is the e-mail that is sent:

hi:
New shopping new life!
How are u doing these days?Yesterday I found a web of a large trading company from china,which is an agent of all the well-known digital product factories,and facing to both wholesalers,retailsalers,and personal customer all over the world. They export all kinds of digital products and offer most competitive and reasonable price and high quality goods for our clients,so i think we you make a big profit if we do business with them.And they promise they will provide the best after-sales-service.In my opinion we can make a trial order to test that.
Look forward to your early reply!
REMOVED SPAM CONTACT INFORMATION

Find more posts tagged with

Free for TechExams community: Cybersecurity salary guide

Compare cert salaries and plan your next career move

Button

Comments

mikej412

Posting their websites, domains, and contact information only helps move them up in search engines.

the_Grinch

My bad mike! Thanks for that!

HeroPsycho

They don't even need to dictionary attack it. Sarah Palin's yahoo accounts were compromised through social engineering of Yahoo tech support.

tiersten

HeroPsycho wrote: »

They don't even need to dictionary attack it. Sarah Palin's yahoo accounts were compromised through social engineering of Yahoo tech support.

I thought it was the automated password recovery mechanism?

HeroPsycho

tiersten wrote: »

I thought it was the automated password recovery mechanism?

From what I read, it was a combination of the two. Forgot the exact details...

the_Grinch

Yeah Sarah Palin's was the use of open source information. They use a system where you have to have the username, birthday, and country. That gets you to the next prompt which will ask the secret question. In her case I believe it was the high school where she met her husband. I don't believe this was the case with my sister, but who knows!

wd40

It happened to me and I use a 14 mixed characters password!

http://www.techexams.net/forums/off-topic/38626-url-www-e-********-com-url-my-e-mail-hacked.html#post278405