
October 7, 2009

Hotmail phishing scam: researchers begin Spanish inquisition

By John Lister





Analysis of the list of Hotmail passwords recently published online suggests they may have been gathered by phishing attacks aimed at the Latino community. It also suggests many people are either unimaginative or lazy when it comes to choosing a password.

Security firms Acunetix and the Logic Group have both obtained the list of 10,000 entries and analyzed them, coming up with similar findings. By far the most common password, used by 64 people, was 123456. That suggests users simply made up the shortest password that would be accepted when registering an account.

As a note of caution, it’s possible that some of these people may have intentionally made up a bogus password when answering the request from the phishing scam. In principle that would seem unlikely as you’d think most people would either believe it a legitimate request and thus type in their genuine details, or spot it as bogus and simply click away. However, 90 passwords on the list were five characters or less (two even had just a single character), which clearly are extremely unlikely to be genuine.

What’s particularly striking about the list is that while four more of the ten most popular passwords were simply numbers (111111, 1234567, 12345678, 123456789), the remaining five entries were Latino names (alejandra, alberto, alejandro, estrella) and a Spanish word, tequiero — which also appeared in 11th place in its English form, iloveyou. (Estrella is also the name of a brand of beer.)

The phishing scam theory is looking more credible given that the list of e-mail addresses contains many invalid entries which are one letter away from a genuine address, suggesting people mistyped them when responding to the scammers. There’s not yet any detail to suggest how or why the phishers appear to have got so many responses from people of Latino backgrounds, though the most logical guess is that the bogus message was written in Spanish.

Another worrying aspect of the list is that just 36 percent of the passwords contained a mix of letters and numbers. Many security advisors urge mixing the two, as it makes it much tougher for hackers to succeed with brute force attacks that simply guess by running through every possible word in a dictionary.
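The three measures quoted above (the most common entries, entries of five characters or less, and the share mixing letters and numbers) can be computed over any password list an administrator is authorized to audit. The Python below is an added example, not code from Acunetix or the Logic Group; the function names and the sample list are constructed for illustration.

```python
from collections import Counter

# Constructed sample data for illustration; not taken from the published list.
SAMPLE = [
    "123456", "123456", "123456", "tequiero", "tequiero", "alejandra",
    "a", "abc12", "111111", "estrella9", "Luna2009", "iloveyou",
]

def char_classes(pw):
    """Return the set of character classes present in a password."""
    classes = set()
    for ch in pw:
        if ch.isdigit():
            classes.add("digit")
        elif ch.isalpha():
            classes.add("letter")
        else:
            classes.add("symbol")
    return classes

def audit(passwords, short_len=5, top_n=3):
    """Summarize a password list with the measures the article reports."""
    total = len(passwords)
    if total == 0:
        raise ValueError("empty password list")
    counts = Counter(passwords)
    # Entries at or below short_len characters (the article's "five or less").
    short = sum(1 for pw in passwords if len(pw) <= short_len)
    # Entries made only of digits, such as 123456 or 111111.
    digits_only = sum(1 for pw in passwords if char_classes(pw) == {"digit"})
    # Entries containing at least one letter and at least one digit.
    mixed = sum(1 for pw in passwords if {"letter", "digit"} <= char_classes(pw))
    return {
        "total": total,
        "top": counts.most_common(top_n),
        "short": short,
        "digits_only": digits_only,
        "mixed_pct": round(100.0 * mixed / total, 1),
    }

if __name__ == "__main__":
    for key, value in audit(SAMPLE).items():
        print(f"{key}: {value}")
```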


    2 Responses to “Hotmail phishing scam: researchers begin Spanish inquisition”

    1. DavidB:

      If services/sites REALLY cared, they would enforce strong password requirements using mixed case alpha, numbers, and special characters, along with minimum password length.

    2. Glenn:

      @ DavidB. That is the sort of thing that will simply drive people away from your service. There’s no better way to drive people away from your service than to irritate your potential clientele.

      “Your password is too short. You must have at least one number. You must have at least one letter. You must have at least one symbol. You must have at least one upper and one lower case character.”

      Not gonna happen, at least not with a POPULAR mail client.
