“Your email account has been hacked” emails

Many of our users have seen this type of email in their spam filters. Most don’t actually get through to your inbox, although the odd one might, and that is all the spammers, who are usually organised crime syndicates, need and rely on.

A full version of the email is at the bottom of this post.

What are these emails and why do some of them have my password in them?

These emails raise many questions and I will try to answer most of them here.

It is of course possible for what the email says to be true, but in most cases it is not. Many websites have been hacked over the years, and there are now plenty of lists of usernames and passwords compiled from these breaches. Two or three main lists have been merged into one list of over 500,000,000 username and password pairs. Security researchers use this list to measure things like how often each password is chosen; your chosen password is probably not as unique as you think it is. monkey, password, 123456 and abc123 were the top passwords for many years, and although recent research shows they have moved about, they are still in the top 15.

The bad guys use these username and password lists to try to gain access to your accounts on other websites, and even your email account. Now some bright spark has decided to take a username and password combination where the username is your email address and send an email to you that firstly shows you your password, secondly fakes the sending address (which is trivial to do; the From line of an email is just text the sender types in), and then tells you that they know something about you that you don’t want revealed to others. This is a typical phishing scam in that they don’t have any access to your email. That is not to say that they never do, but when they actually have access to your email they tend to use other scams that are more profitable.
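Because the From line is forged, the only reliable way to tell whether one of these messages really came from your own account is to look at the headers your own mail server added on the way in: the Return-Path (the address the sending server actually used) and the Authentication-Results line carrying the SPF and DKIM verdicts. The script below is an added example written for this post, not something from the original article or from any mail product; the two messages in it are constructed for illustration, with invented hostnames, addresses and a made-up password, and the header check is a simple heuristic rather than a full DMARC implementation.

```python
from email import message_from_string
from email.utils import parseaddr

# Constructed sample, not a real message: a sextortion mail whose From: header
# is forged to look like the recipient's own mailbox. The Return-Path and
# Authentication-Results headers are the ones a receiving mail server would add;
# the hostnames, addresses and password are invented for illustration.
SPOOFED_MAIL = """\
Return-Path: <bounce-4412@mail.bulk-sender.example>
Received: from mail.bulk-sender.example (198.51.100.23) by mx.victim.example
Authentication-Results: mx.victim.example; spf=fail smtp.mailfrom=mail.bulk-sender.example; dkim=none
From: victim@victim.example
To: victim@victim.example
Subject: Your account victim@victim.example has been hacked

I know your password is hunter2. Pay 500 USD or the recordings go public.
"""

# Constructed contrast case: a genuine mail the user sent to themselves, which
# their own server authenticated.
GENUINE_MAIL = """\
Return-Path: <victim@victim.example>
Authentication-Results: mx.victim.example; spf=pass smtp.mailfrom=victim.example; dkim=pass header.d=victim.example
From: victim@victim.example
To: victim@victim.example
Subject: Note to self

Renew the car insurance on Friday.
"""


def address_domain(header_value):
    """Lower-cased domain of the address in a From:/To:/Return-Path: header, or ''."""
    _, addr = parseaddr(header_value or "")
    return addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""


def auth_verdicts(msg):
    """Pull the spf=/dkim=/dmarc= results out of Authentication-Results headers."""
    verdicts = {}
    for value in msg.get_all("Authentication-Results", []):
        for clause in value.split(";"):
            clause = clause.strip()
            for method in ("spf", "dkim", "dmarc"):
                if clause.startswith(method + "="):
                    # "spf=fail smtp.mailfrom=..." -> "fail"
                    verdicts[method] = clause[len(method) + 1:].split()[0].lower()
    return verdicts


def spoof_indicators(raw_message):
    """Return a list of reasons the From: header should not be trusted."""
    msg = message_from_string(raw_message)
    reasons = []
    from_dom = address_domain(msg["From"])
    to_dom = address_domain(msg["To"])
    path_dom = address_domain(msg["Return-Path"])

    # The envelope sender (Return-Path) is what the sending server really used;
    # a forged From: rarely bothers to match it.
    if from_dom and path_dom and from_dom != path_dom:
        reasons.append(f"From: domain {from_dom!r} does not match Return-Path domain {path_dom!r}")

    # A message claiming to come from the recipient's own domain should have
    # passed that domain's own SPF and DKIM checks on the way in.
    if from_dom and from_dom == to_dom:
        verdicts = auth_verdicts(msg)
        for method in ("spf", "dkim"):
            result = verdicts.get(method, "missing")
            if result != "pass":
                reasons.append(f"From: claims our own domain but {method} result is {result!r}")
    return reasons


if __name__ == "__main__":
    for label, raw in (("spoofed", SPOOFED_MAIL), ("genuine", GENUINE_MAIL)):
        print(label, spoof_indicators(raw))
```

Most webmail clients expose the raw headers under a “show original” or “view source” option; pasting them into `spoof_indicators` gives three findings for the forged sample (envelope mismatch, SPF fail, DKIM missing) and none for the genuine one. The heuristic trusts the Authentication-Results header only because your own server wrote it; headers of that name arriving from outside should be stripped by that server, which is why the check is only meaningful on mail delivered to you.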

New PayPal Phishing Emails

I recently received an email from PayPal that said that I had just completed a payment to someone I had never heard of for an amount that gave me the shivers (some two or three hundred dollars). I did not want to pay someone I had not heard of any amount of money for something I had not ordered. What’s more, this had been completed from my bank account. My first reaction, in the panic of the moment, was to click on the link that invited me to check out the transaction in my account, so that I could see if I could get this reversed.

Before I clicked it I took a moment to calm down and think logically. I have a suitably strong password on my account, so it is unlikely someone would have been able to guess it. You can’t make a payment unless you have the password. Is it possible someone could have got it from my PC with a keystroke logger and then used it? Possible, but not likely. I then took a moment to read the email more carefully and noted a couple of things that I should have picked up on straight away.

Firstly, the email was addressed to me, but not in the normal way. Secondly, it came to an address that was not the one I used for PayPal. These two facts alone were proof enough that this was a phishing email. I checked out the links that I was about to click and sure enough they were not to the PayPal website but to something that was meant to look like the PayPal website: it had www.paypal.com in the address but was not their site. (I will write another posting about what to look out for in the URL to make sure you are going to the right place.)
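The trick of having www.paypal.com “in the address” works because what matters is the host the browser will actually connect to, which is the part between `://` (or `@`, if the URL carries a fake username) and the next `/`. Everything else can be padded with the real company name. The checker below is an added example written for this post, not code from the original article or from PayPal; the email body it scans is constructed, with invented hostnames and an IP address from a documentation range, and the `TRUSTED_DOMAINS` tuple is simply the domain the mail claims to come from.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# The domain the mail claims to be from. Anything not under it is suspect.
TRUSTED_DOMAINS = ("paypal.com",)

# Constructed sample, not a real phishing mail: the link text and the first two
# hrefs contain "www.paypal.com" while pointing somewhere else entirely; the
# hostnames are invented for illustration. The third link is the real thing.
SAMPLE_BODY = """
<p>Log in to review this transaction:</p>
<a href="http://www.paypal.com.account-verify.example/login">https://www.paypal.com/activity</a><br>
<a href="https://www.paypal.com@203.0.113.5/signin">Review transaction</a><br>
<a href="https://www.paypal.com/myaccount/">Help &amp; Contact</a>
"""


class LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs for every <a> element."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def link_host(url):
    """The host the browser would actually connect to, lower-cased."""
    # urlsplit() drops "user@" before the host, so "https://www.paypal.com@203.0.113.5/"
    # resolves to 203.0.113.5 here just as it would in the browser.
    return (urlsplit(url).hostname or "").lower().rstrip(".")


def is_trusted(host, trusted=TRUSTED_DOMAINS):
    """True only if host is the trusted domain or a subdomain of it;
    'www.paypal.com.account-verify.example' does not qualify."""
    return any(host == d or host.endswith("." + d) for d in trusted)


def suspicious_links(html_body, trusted=TRUSTED_DOMAINS):
    """Return (href, real host, reason) for each link that should not be clicked."""
    parser = LinkCollector()
    parser.feed(html_body)
    findings = []
    for href, text in parser.links:
        host = link_host(href)
        if not host:
            continue  # mailto:, relative links and anchors without href
        if not is_trusted(host, trusted):
            findings.append((href, host, "host is not under a trusted domain"))
        # Visible text that is itself a URL for a different host is a classic tell.
        if text.lower().startswith(("http://", "https://")):
            shown = link_host(text)
            if shown and shown != host:
                findings.append((href, host, f"text shows {shown} but link goes to {host}"))
    return findings


if __name__ == "__main__":
    for href, host, why in suspicious_links(SAMPLE_BODY):
        print(f"{why}: {host}  <- {href}")
```

Run against the sample body this reports the first link twice (the host ends in `.account-verify.example`, and the visible text names a different host from the one it points at) and the second once (the real host is the IP address after the `@`), while the genuine www.paypal.com link passes. The same rule works by eye: read the host from right to left, and the last two labels before the first `/` are the site you are really visiting.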

What struck me about this one was that it was very well written, unlike most of them, which give themselves away instantly with bad grammar or spelling mistakes.

What you need to learn from this is to be extra vigilant when it comes to any message in email. NEVER EVER click the link in an email; go to the website by typing in the address yourself, or use a bookmark you saved earlier. Read the content of the email over again before jumping to conclusions. PayPal in particular use the correct greeting (your name, not “Dear customer”) in their emails, which makes it harder, although not impossible, for people to pretend to be PayPal. The same goes for some banks and other financial institutions.

Phishing emails have been around for a long time and are clearly very successful, so be extra vigilant about emails you expect as well as ones you do not!

Be on the lookout for the latest batch of PayPal phishing emails, as they have clearly copied the contents of real PayPal emails and just changed a few details.

I have had several more since the first one of these.

CritchCorp Support Team.