Just about 2 weeks after Hotmail credentials were revealed online [1,2], SophosLabs witnessed another wave of spam targeting Hotmail, MSN and Windows Live! The message is quite similar to the previous MSN Messenger Block Checker spam, and the link in it leads to the same website as before, which asks for MSN login credentials.
However, one big difference from the previous MSN Messenger Block Checker spam is that this time the spammer is sending the message not only to Hotmail users but also to users of other free email services such as Gmail and Yahoo Mail.
As people prefer to use the same account names for different email services (with around 40% of people using the same password for every website they use), this gives spammers more opportunities to compromise not only the victims' Hotmail accounts but also their other email accounts.
SophosLabs strongly advises customers to use different account names and passwords for different web-based email services. In this way, should one email account get compromised, the damage to other email accounts is mitigated.