Phishing+Spamming = Phishpaming

June 24, 2009

A few months back I got an email from an unknown user. There was a hyperlink in the email and the sender wanted to have friendship with me. The sender wrote that her photograph was available at the following link. This was crazy, for two reasons:

1. Why would an unknown person send me her photo by email?

2. How did it come to my inbox after bypassing the anti-spam filter?

Now, at this point I should tell you something which you might already know: this is a typical kind of spam attack, which you might also be getting in your inbox. In this case, it was something more than a spam attack, because I was sent a Yahoo page, not a website for Viagra pills or free cosmetics etc. So I decided to dig further and opened that hyperlink in a virtual machine.

When the webpage appeared, it looked like a genuine Yahoo login page with Yahoo Photos. I didn't understand one thing: if the sender wanted me to see her, why didn't she send me her photo as an attachment? Anyway, I entered my Yahoo email account and a wrong password, and suddenly a pop-up ad came up on the screen. It was related to some low-cost online software website. But Yahoo never gives a pop-up on the login screen, as far as I know. Till this point I had never looked at the address bar. When I saw the address bar I could immediately figure out that it was a fake page and someone was trying to get hold of my password. So, what I concluded about this mail is that it was a combination of two attacks: the first one is obviously spamming and the second one is identity theft.
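The address-bar check described above can be automated for the links in a message. This is an added example, not part of the original post; the sample email, its URLs and the helper names are constructed for illustration, and `yahoo.com` is assumed to be the only domain the genuine login page uses.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

TRUSTED_DOMAIN = "yahoo.com"  # assumption: the domain the genuine login page uses

def real_host(url):
    """Host the browser actually connects to (userinfo and port stripped)."""
    host = urlsplit(url).hostname or ""
    return host.rstrip(".").lower()

def is_trusted(url, trusted=TRUSTED_DOMAIN):
    """True only if the host is the trusted domain or one of its subdomains."""
    host = real_host(url)
    return host == trusted or host.endswith("." + trusted)

class LinkCollector(HTMLParser):
    """Collects the href of every <a> tag in an HTML email body."""
    def __init__(self):
        super().__init__()
        self.links = []

    def handle_starttag(self, tag, attrs):
        href = dict(attrs).get("href") if tag == "a" else None
        if href:
            self.links.append(href)

def suspicious_links(html_body, brand="yahoo", trusted=TRUSTED_DOMAIN):
    """Links that mention the brand somewhere in the authority part of the
    URL but do not actually resolve to the brand's own domain."""
    parser = LinkCollector()
    parser.feed(html_body)
    return [u for u in parser.links
            if brand in urlsplit(u).netloc.lower() and not is_trusted(u, trusted)]

# Constructed sample message: one genuine link and two lookalikes.
SAMPLE_EMAIL = """
<p>Hi, I want to be your friend. My photo is here:</p>
<a href="http://photos.yahoo.com.album-view.example/login">see my photo</a>
<a href="http://login.yahoo.com@album-view.example/login">mirror</a>
<a href="https://login.yahoo.com/config/login">Yahoo sign-in</a>
"""

if __name__ == "__main__":
    for url in suspicious_links(SAMPLE_EMAIL):
        print("lookalike host:", real_host(url), "<-", url)
```

The two lookalikes fail for different reasons: in the first the brand is only a subdomain label of another domain, and in the second everything before the `@` is userinfo, not the host.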

If I had been unaware of IT security stuff, I might have fallen prey to this spam. I am into software security and understand this stuff related to phishing, password hacking etc. But someone who doesn't know about online theft of passwords, privacy and data etc. would have been a victim of this mail.

I was one of those billions of users who would have got this mail. Even if we assume just 10% of the users are fooled by this kind of spam, just imagine what a spammer will do if he has access to the passwords of millions of email accounts. Taking an average of 100 contacts in the address book, every attempt of this attack will keep on fetching the attacker a huge number of email accounts, usernames and passwords.
