Users Whose Accounts Get Hacked Find Out From Their Friends

Less than one-third of users said they noticed when their accounts had been compromised, and more than half found out when their friends alerted them, according to a new report.

Commtouch's new "The State of Hacked Accounts" report found that 62 percent of users didn't know how their Gmail, Yahoo, Hotmail, and Facebook accounts were hacked, and 15 percent thought they had their credentials stolen while using risky unsecured WiFi and public Internet terminals.

And these attacks are mostly about sending spam email and spreading other scams. "Commtouch's poll reveals that more than two-thirds of all compromised accounts are used to send spam and scams,” said Amir Lev, chief technology officer for Commtouch. "This is not surprising, as cybercriminals can improve their email delivery rates by sending from trusted domains, such as Gmail, Yahoo, and Hotmail, and enhance their open and click-through rates by sending from familiar senders."

Yahoo email accounts were targeted the most in attacks, with 27 percent of the compromises, followed by Facebook, with 23 percent; Gmail, with 19 percent, and Windows Live, with 15 percent.

One in eight hijacked accounts were used for a phony distress email scam that asks friends to wire funds to a foreign country, and more than half of the accounts were used to send spam. Among the 34 percent of users who knew how their accounts were hit, 15 percent said it was due to a link in Facebook, a WiFi connection (15 percent), or clicked-on email-borne malware (15 percent).

While 54 percent said their friends alerted them to the hack, 31 percent figured it out themselves, and 15 percent were notified by their service providers.

Meanwhile, Commtouch's latest quarterly threat report shows that more than 230 billion emails were sent with malicious attachments in August and September, with SpyEye, Zeus, Sasfis, and fake antivirus among the most popular malware in them. That's the most malicious email traffic recorded in more than two years, according to the report.

The country with most bot-infected machines? India, with 18 percent of the world's bots.

A copy of Commtouch's report on stolen accounts is available here for download, and its quarterly threat report, here.

Have a comment on this story? Please click "Add Your Comment" below. If you'd like to contact Dark Reading's editors directly, send us a message.