Just great. 20,000 Gmail, Yahoo, AOL, and other e-mail service provider users also hit by phishing scam.

Yesterday I posted about how 10,000+ Hotmail accounts were caught in a wide-spread phishing scam. Today, according to the BBC, “20,000 more names and passwords that have been posted online.” However, this time the e-mail accounts not just limited to Hotmail (@hotmail.com, @msn.com, and @live.com) accounts. This time, accounts affected are from Gmail, Yahoo, AOL, Comcast, Earthlink, and more. The BBC goes on to further state “Some of the accounts appear to be old, unused or fake. However, BBC News has confirmed that many – including Gmail and Hotmail addresses – are genuine. Other addresses include Comcast and Earthlink accounts.”

So moral of the story? Well, first go reset your e-mail password. Second, do not have the same password for everything you use. Third, do not click on links in e-mails you did not ask for or you don’t know why you are receiving. Fourth, go read Ashraf’s guide on best free security software which will help in detecting and exposing phishing scams before you are trapped.

Related Posts

  • Mags

    Just an FYI

    I just received the below phishing email this A.M.. so this is infor for the Canadian DotTech(ies)

    How did I know it was a phishing email?

    Firstly the email came from @live, even though Bell/Sympatico and MSN are partners, they do not use the @live when sending emails. Secondly they are wanting people to veryify their sympatico accounts. Bell is dropping the sympatico name for their internet service and just using Bell now. (although users can still use sympatico in their emails if they choose) There are other signs as well.

    Anyway, below is the main parts of the email, I’ve just x’d out my email addy in it.

    From: Bell Mail member_service0107@live.com

    This e-mail has been sent to you by Sympatico inform you that we were unable to verify your account details. This might be due to either of the following reasons:

    1. A recent change in your personal information. (eg: address, phone)
    2. Submitting incorrect information during register process.

    Due to this, to ensure that your email service is not interrupted, we request you to confirm and update your information today by following the link below

    If you have already confirmed your information then please disregard this message.

    Bell Sympatico member services
    © 2009 Bell Live inc.

  • I don’t know if it’s related, but there’s a viral Facebook phish I’ve seen going around (even posted on my own profile) that links to a fake Facebook login page. I assume that once you type in your email and password, it logs into your Facebook account and reposts the phish to some random friends’ walls.

  • Ashraf

    @Farrukh: It is phishing. Phishing does not involve the intelligence of the “hacker” but rather the lack of intelligence of the “hackee” if you get what I mean.

    @John: Be nice =). Everyone makes mistakes =P.

    @Al Hall: Well it was posted to PasteBin.com but they removed it soon as it was discovered. If you were affected chances are your account will be locked or you will be contacted by your e-mail service provider soon.

    Also, if you have not entered your login credentials at any funny websites and/or answered funny emails, don’t worry you should be fine.

    @Roy Smith: They removed it.

  • Roy Smith

    @Al Hall

    Ashraf put the address up for the 10,000 yesterday as Pastebin.com and I went there and searched around as best I could to check if mine was one but I wasn’t able to find anything .

    Maybe they’ve deleted it by now or maybe not (I might not have searched well enough) and you might do better

    Good Luck!

  • Al Hall

    I’d like to know where the site is that has all those email addresses and passwords so that I could just check to see if my address is there. Any idea where it is Ashraf?

  • John

    I recently recived a email asking me to sing in to all my email acounts because they were redoing something. I knew then it was phishing site and deleated it. If you were stupid enought to do it I say it is a good lesson

  • Farrukh

    Great. I really admire the intelligence of hacker :)