informa
/
Risk
Commentary

Hotmail Phishers Pull In Poor Passwords By The Thousands

Tens of thousands of email accounts from Hotmail, Gmail, Earthlink, Yahoo and Comcast compromised by phishing scams had those those details posted briefly online for all to see. One thing that was seen was how many of those accounts had lousy passwords.
Tens of thousands of email accounts from Hotmail, Gmail, Earthlink, Yahoo and Comcast compromised by phishing scams had those those details posted briefly online for all to see. One thing that was seen was how many of those accounts had lousy passwords.The posting of the compromised accounts' information on pastebin (the posts have now been removed) offered both a reminder of both the volume commoditization of account information, and an insight into the users who responded to the phishing campaign in the first place.

Many of them had passwords that were as unsafe as their surfing habits.

We're talking passwords like 123456 or, for the more "security" minded, 123456789.

No surprise here, or there shouldn't be. While the number-sequence passwords listed above evidently accounted for only a few dozen of the tens of thousands of compromised log-ins, it's a pretty safe bet that plenty of the other passwords were barely more secure.

And if they're not taking proper care in creating and frequently changing their passwords, what do you think the odds are of their taking care about clicking on potential phish-links?

Yeah, that's what I think, too.

Time to gather every one of your employees -- whether or not they use Hotmail, Gmail, or any of the other targets (and that's what are: targets; the poor security here was on the users' part) -- and give them a strong refresher course in

How to recognize phishing scams like the recent Hotmail harvest. How to build and maintain strong passwords.

Recommended Reading:
Editors' Choice
Amichai Shulman, CTO and Co-founder of AirEye
Biagio DeSimone, Enterprise Solution Architect, Aqua Security