Hotmail accounts 'posted online'

[karachidude]

offcourse unless one decides to give one away to a phishing site ^_^

[DKT27]

You don't even know how easy it is for the even a n00b hacker to make a phishing site.

[HX1]

No joke...its injecting the code, poisoning the DNS server.. and altering the cache entries.. thats the hard part..There are quite a few ways this can occur including linked services that people for some reason will put in their account information into..

[karachidude]

You don't even know how easy it is for the even a n00b hacker to make a phishing site.

what are u saying....sooo..

How to avoid phishing sites...<google>..for me i have never been phished.

[HX1]

If you have no protection from it.. why would be able to say you could stay away from it? DNS, ARP poisoning can be quite an issue. The main thing is to watch what you are doing.. keep an eye on the URL bar...and think about why you would even give out your address.. much less any other pertinent information..To another site.. for any reason.. One main question is why would these people need said info.. User action is key.. Site is not.. however some may make larger targets than anything...

I guess the most remarkable is that I have accounts and some multiple at all of these sites and I wasn't effected..but I don't use them socially either..

[shought]

It's not about Microsoft or Google, never was, the problem is and will always be the incompetence of the users.

I was actually reading the past posts wondering why nobody said this, glad you decided to do so :)

I couldn't agree more.

[DKT27]

@Shought: Leet is right. :)

As far as phishing is concerned. There are some ways that some hackers follow is to change the host file the way, suppose, even if you open download.com by search bar, you will be transferred to the phishing site, not the original download.com.

[HX1]

This however is usually accomplished when a system is not protected by HIDS, or HIPS.. Also by malware and registry hacks which open your system to the vulnerability left by malware.. that sometimes are never cleaned or addressed.

[HATE9X]

since they were phished, i just wasted my time changing the passes :frusty: i'm not someone who falls for that, especially 'cos i don't use those mails much.

i thought it was leak from m$ employee or sth.. o well..

[DKT27]

Avoid being a victim of an e-mail phishing scam

A recent phishing scam resulting in usernames and passwords of Microsoft's Hotmail, Google's Gmail, and possibly accounts of AOL and Yahoo users being posted online is cause for concern for anyone who uses any of those services. Rather than panic, though, there are simple ways to avoid becoming a victim or being further victimized, if your account has already been compromised.

Microsoft and Google said the compromised information likely came as a result of a phishing scam, through which millions of people are sent e-mail (often warnings about a fake security breach), asking them to click on a link to take them to a Web site so that they can enter their correct information.

When phishing attacks first became prevalent, the fake sites were often crude imitations of the real things, but these days, they can look exactly like the legitimate site, typically of a bank, a payment service such as eBay's PayPal, or another financial company. When the user logs in with a username and password, or provides credit card numbers and other confidential data, that information is captured by the e-mail senders, who can use it to impersonate the victims.

In addition to someone being able to read your messages, a risk of having your e-mail account compromised is that many sites will send a lost password to an e-mail address, so if criminals can access your e-mail, they might be able to use it to get passwords from other sites, including financial accounts.

BBC News is reporting that it has seen lists containing more than 30,000 names and passwords, some of which "appear to be old, unused or fake," but "many--including Gmail and Hotmail addresses--are genuine." To put this into context, Gmail and Hotmail sites had more than 84 million unique visitors in July. Yahoo Mail had more than 156 million unique visitors, according to ComScore.

Here's some advice that can help you avoid becoming a phishing victim.

Change passwords regularly

Even if this particular breach hadn't occurred, many experts recommend that you change your password about every three months. This is as good a time as any to do just that. It's also a good idea to avoid using the same password on multiple sites, but if you're one of the many people who have done that, be sure to change your password elsewhere. Gmail asks users to provide them with an alternate e-mail address, so be sure to change the password for that account as well.

As I pointed out in this post about password security, consider using a password manager like LastPass (free) or RoboForm that can generate and manage strong passwords.

Click cautiously

If you get an e-mail that appears to be from legitimate site with a request that you click on a link to visit the site for any reason, including updating your security information, think before you click. It might be taking you to a rogue site that captures that information for possible identity theft or other crime. It's safer to just type in the URL yourself. Be extremely wary of any requests to provide Social Security numbers or credit card information, unless you're absolutely sure that you're dealing with a legitimate site. When visiting a site, make sure that the URL is that of the organization.

Look for secure sites

If you're asked to provide sensitive information such as a credit card number, be sure that the URL begins with "https" (the "s" stands for "security") and that there is a padlock icon, typically in the lower-right corner of the browser.

Use a phishing filter and good antimalware software

The most recent versions of most browsers, including Microsoft's Internet Explorer and Mozilla's Firefox, help filter phishing sites, as do security suites from McAfee, Symantec, TrendMicro, and other companies. Security software also helps protect you against malicious software that can log your keystrokes, or otherwise jeopardize your privacy and security. Make sure that your security software and your operating system are up-to-date.

Think critically

If something seems too good to be true, it's almost invariably too good to be true. Think about what you're about to do on any site you visit, especially if it's a site you don't already trust. Never use the same password on an unknown site that you use for e-mail, banking, or other sites where security is essential.

The U.S. Department of Homeland Security's National Cyber Alert System has additional tips to help you avoid phishing and other social engineering attacks, and ConnectSafely.org has tips to create an manage strong passwords.

Source

[Bizarre™]

As far as phishing is concerned. There are some ways that some hackers follow is to change the host file the way, suppose, even if you open download.com by search bar, you will be transferred to the phishing site, not the original download.com.

Only when your system has already been compromised.

If you have a clean system, all you need are the right tools, a watchful eye and a little bit of common sense.

[LeetPirate]

I haven't changed my hotmail password in over 10 years. :lol: Last time I tried changing a password I ended up forgetting it after so I won't waste time changing this one. Never check your mail etc. at a public or compromised workstation.

[DKT27]

@Biz: Of course. But not everyone is lucky. They bind it with your favorite file. And I don't know that any security software would detect a host file. But yea it's important to have common sense. :)

@Leet: Please check out the email with attachment, that I'm gonna send you now. :lol:

[DKT27]

Guys. Look what I found.

Site: http://thepiratebay.org
Sharecode: /torrent/5113930/Hotmail_List

Now even if Hotmail people have disabled the accounts, you may come to know who are the people that got hacked. ;)

[DKT27]

OK. That torrent seems to be down. I have another torrent link if you wanna make sure that your account was not hacked. But I will not post it here. You can try to search TPB for it. Note: Most of the accounts are blocked, download it only for confirmation.

[jalaffa]

The list is fairly easy to get using a search on TPB. It's rather boring and a lots of duplicates. Def. a phising scam origin.