Latest Email Hacks and Security Breaches

Digital attacks that originate over email are very common. In fact, since the beginning of widespread email services, viruses have been a part of their overall threat to computer security. Symantec, one of the largest manufacturers of security technology on the planet, recently released a report in which they detailed some of the most common threats that have been going around in recent months.

 

The Worm

 

Look at any hacked email account and you'll usually find some sort of a worm involved in it. The end of the summer of 2011 saw the advent of the W32.Sality.AE worm, which is really just the worm of the moment. Most unauthorized email access originates with a viral attachment. The virus is quite often a worm in the worm is designed to unleash a destructive payload upon the server or the network where it is opened. While W32.Sality.AE might be the latest thing to threaten computers, it is most certainly not the first and it will not be the last.

 

According to the report, most of the phishing activity done over email was targeted at businesses in the public sector. Phishing is an activity where you use a spoofed email or a spoofed webpage to get somebody's credentials from them without their knowing. Generally, the spoofed email or webpage appears as something official and asks someone to enter sensitive information, such as their PayPal account information, their banking account information and so forth.

 

Social Engineering

 

Do an email lookup for attachments in your folder and you'll find plenty of them. In fact, you'll find emails with all types of viruses attached to them, in all likelihood. Most of the time, your antivirus software will pick up the viruses and quarantine them so that all that remains is a dummy. One of the most vicious types of attacks, however, is social engineering. According to the same report, social engineering comprised many of the attacks that were successfully launched over the summer.

 

The aforementioned phishing is a form of social engineering. Oftentimes, hacked email accounts are opened up because somebody gave their credentials to the hacker without knowing it. One of the more clever ways that hackers figured out how to do this over the summer was to use office machinery to send phony requests for password credentials. They would use, for example, the company printer to send an attachment asking for email account information or other information that can be used to hack email. Once the unsuspecting victim sent it, their email account was completely open and usable by the hacker.

 

Sometimes, hacked emails are hacked over email itself. Spam emails that contain some sort of scam were big threats over the end of the summer 2011. These emails usually have some sort of appeal to pity or an appeal to social consciousness and ask people to donate money or take some other action that compromises their security. Increasingly common are webpages that are linked to from the email that contain malware embedded in their code.

 

Dangerous Pages

 

Oftentimes, hacked email accounts and spam emails are used to direct people to webpages that have dangerous software embedded in them. Symantec, in its 2011 intelligence report laid the blame for quite a few of the successful hacks at the feet of JavaScript. JavaScript is actually a very useful technology that is used on webpages all over the Internet. It can be used for malicious purposes, however, and it can be used to hack email.

 

If you want an idea of how someone could access your account and send unauthorized email from it by using a JavaScript exploit, do an email lookup for any email that looks like a webpage. You probably get some of these from online discounters or other retail outlets. If somebody wanted to hack your email, they could send you one of these emails with a webpage embedded in it that was hidden by JavaScript. The easiest way to avoid having this happen to you is to use security software that disables JavaScript in emails.

 

According to the report, Symantec discovered well over 3,000 websites every day that where being used to hide malicious software. This number went up from August to September of 2011.

 

There were some good news items in the Symantec intelligence report. For starters, the overall level of spam went down. Spam is one of the most annoying types of unauthorized email that users receive. While it is annoying in its most common form, when it is simply an advertisement, it is downright dangerous and other forms. It is quite frequently used as a vector for viruses and other malicious software. According to the report, the global ratio of spam to legitimate email went down by 1.1 percentage points compared to last month.

 

Other Threats

 

Hacked email accounts are oftentimes used to send spam messages that contain infections that make computers part of a botnet. Microsoft and U.S. government agencies shut down a couple of these botnets over the summer of 2011 that had posed serious threats to Internet security. Some of the malicious software used to make computers members of these botnets was sent from bogus email addresses or was sent from hacked email addresses. Hacked email addresses are always major threats and, in many cases, the individual who has the hacked email address doesn't even know that their email is being used to send out malicious software.

 

Overall, unauthorized emails or emails that were deliberately sent with viruses attached to them accounted for one in 225 emails, according to the report. Some industries are more subject being spammed than others. For example, the automotive industry had the highest rate of spam. Stopping unauthorized email use is always a priority. Many of the problems reported in the intelligence report no doubt originated with hacked email accounts that their owners probably didn't even know were compromised. Installing antivirus software and using an email service that filters emails for spam and other nuisance messages is the best way to make certain that you do not end up being infected by hacked emails or that you do not receive a constant stream of unauthorized emails.