Phishing attacks that affected customers of Microsoft’s (MSFT) Hotmail Monday have compromised more than 30,000 email accounts, including those of Gmail, Yahoo (YHOO) Mail and other services.

Microsoft blamed phishing, in which cybercriminals try to trick consumers into revealing personal information through fraudulent emails, for a list of Hotmail account passwords that appeared online. The company recommended Hotmail customers change their passwords and said it’s helping phishing victims fix compromised accounts.

But security firms and the BBC said Tuesday that the attack extended to other services, including those run by Google (GOOG) and Yahoo as well as AOL, EarthLink (ELNK) and Comcast (CMCSA).

Read the rest of this post on the original site

Microsoft says a phishing scheme is behind the exposure of passwords to thousands of Hotmail accounts late last week and adds that it’s helping affected customers regain control of their accounts.

On Monday, the Neowin technology blog posted a story saying that an anonymous user on Oct. 1 had uploaded a list with password details of more than 10,000 Hotmail accounts to a Web site called pastebin.com, where developers typically share programming code with each other. Neowin said it had seen part of the list, which has since been removed, and notified Microsoft of the issue.

After an internal investigation into the leaked Hotmail credentials, Microsoft (MSFT) said in a statement that it determined the passwords were obtained through a phishing scam. In a phishing scam, hackers send out legitimate-looking emails under the letterhead of banks, eBay (EBAY) and other institutions, usually telling consumers they need to reset online passwords to their Web sites for security purposes.

Read the rest of this post on the original site

Phishing attacks seem to have become a regular hazard for Twitter and Facebook users, and lots of people are falling for them.

Phishing is one of those things that will, it seems, always be with us: indeed, the more secure we make our systems, the more likely the bad guys are to go for the “social engineering” approach.

Read the rest of this post on the original site

The latest phishing scam on Facebook has raised the question yet again as to whether the social-networking site is dropping the ball on security measures and properly responding to privacy complaints.

Facebook faced consumer fraud charges in 2007 for allegedly responding too slowly to user complaints about harassment, pornography or nudity from the social-networking site. The probe into the company’s safety procedures by New York state Attorney General Andrew Cuomo resulted in a settlement requirement that Facebook respond to such complaints within 24 hours.

But in a recent string of phishing attacks in which hackers have broken into a user’s Facebook account and hit up his or her friends for money with the online chat tool, pretending to be stranded or robbed, complaints have emerged that the privacy team at Facebook hasn’t responded to users in a timely manner.

Read the rest of this post

You might be familiar with phishing attacks, those messages sent by criminals that look like they’re from a bank or Nigerian prince. But what about Twishing?

The term may enter the tech lexicon this week, thanks to an attack targeting the Web site Twitter, which runs a popular service that lets people share short updates about what they’re doing. (Blame Brian Krebs of the Washington Post if it sticks.) Over the weekend, cyber baddies sent phishing messages via Twitter’s service to other account holders. The message directed people to a Web site that looked like Twitter’s homepage, but was really operated by the bad buys. As people logged in to the fake Twitter site, the bad guys captured their user names and passwords. Twitter warned account holders Saturday about the scam in a post on its blog, and advised those concerned to change their passwords.

Read the rest of this post

Newsweek is reporting that computer networks of both the Obama and McCain campaigns were the targets of a sophisticated cyberattack in the run-up to the general election and, in the Obama case, “a serious amount of files” were downloaded from the system.

The Obama camp initially thought in midsummer that their system was infected by password-stealing malware uploaded to someone’s computer through a phishing attack. But after FBI and Secret Service agents investigated, they told staff they had a problem “way bigger than what you understand.”

The intrusion even led White House Chief of Staff Josh Bolten to tell the Obama camp, “You have a real problem … and you have to deal with it.”

Read the rest of this post

Computer security professionals say many net forums are populated by teenagers swapping credit card numbers, phishing kits and hacking tips.

The poor technical skills of many young hackers means they are very likely to get caught and arrested, they say.

Youth workers added that teenagers getting a criminal record would be putting their future at risk.

“I see kids of 11 and 12 sharing credit card details and asking for hacks,” said Chris Boyd, director of malware research at FaceTime Security.

Many teenagers got into low-level crime by looking for exploits and cracks for their favorite computer games.

Read the rest of this post

Here’s the latest sign that businesses are losing the tech security fight: The bad guys are starting to steal from one another.

That could sound like a good thing–better that hackers and other cyber criminals squabble among themselves than attack innocent businesses and consumers–but it really isn’t. This internecine theft isn’t the online version of a gangland fight to the death. Rather, veteran criminals are finding ways to take credit card numbers and other information from newbie crooks, Billy Rios, a security engineer at Microsoft who spends his free time researching the cyber black market, tells the Business Technology Blog.

Read the rest of this post

Of all the methods scammers use when hunting for victims, phishing is one of the most difficult to guard against. Phishing attacks are designed to exploit societal vulnerabilities more than technical flaws, and, in some cases, are extremely difficult to block. Even the best anti-malware software suite can’t stop an end user from willingly revealing personal information, particularly if the Web site being used to collect the data doesn’t trip any high-alert security alarms.

The Federal Trade Commission has taken an interest in educating consumers on the dangers of phishing. To that end, the government organization has prepared three separate 60-second videos on the ways and scenarios a consumer might possibly encounter a phisher.

Read the rest of this post