One of the tactics that works very well for spammers is tricking (Phishing) users into sharing their email account login and passwords and then using the hijacked account to send spam.
The advantages of using a hijacked account include:
- Access to the recipients online address book
- Ability to send from a fresh and clean address
- Use of legitimate mail servers for sending spam
The only downside is since many users will eventually take back their accounts (or admins will disable them) the spammer needs a constant source of new email accounts.
Lately, spammers have been aggressively refreshing their stolen account arsenal with emails such as:
Subject: Your Mailbox Quota Has Exceeded The Set Quota/Limit Which Is 20GB.
Your Mailbox Quota Has Exceeded The Set Quota/Limit Which Is 20GB.
You Are Currently Running On 23GB Due To Hidden Files And Folder On Your Mailbox.
Click the Link Below To Validate Your Mailbox And Increase Your Quota.
Click here: http://www.my4m.com/webupgrading/subscriber_form
Warning!!! Mailbox owner that refuses to Validate his/her Mailbox within Seven days of receiving this warning will lose his or her account permanently.
What’s clever about this version is it relies on using a compromised email account (from webmail.ccu.edu) to send the email and then also uses an online site, My4m.com, to create a quasi-official looking form to capture the visitor’s username/login.
Here’s a copy of the online form created by these spammers:
From the My4m site:
My4m is an online tool for collecting data using WWW forms. It offers the possibility of simultaneous use of WAP and SMS support.
They apparently also don’t monitor the usage of the online forms they provide as such Phishing bait is clearly illegal.
This type of Phishing fraud/Identity-theft is perpetual in nature in that as soon as a recipient falls for this fraud and provides their actual email login and password, the spammer will then use the newly captured account to send more such Phishing solicitations (and other spam) to the user’s entire address book if it’s available online.
The online address books, combined with no serious outbound spam countermeasures is why so many Gmail, Yahoo, Hotmail and AOL users accounts are stolen, and then used to spam all those people’s contacts.
This also explains why you so often receive such Phishing emails from the accounts of people you know (or at least who have previously emailed you) online.
OnlyMyEmail is an award winning hosted spam filtering service and business email hosting provider. Our enterprise cloud computing anti-spam solution, the MX-Defender, has the highest capture rate of any spam filter ever tested in the VBSpam Challenge, blocking a record setting 99.9993% of all malicious and junk email.
Our Personal spam filtering system is also a Software as a Service (SaaS) solution and has won both the PC World "World Class Award" and also the PC Magazine "Editor's Choice Award."
OME-Kids is a webmail solution that protects children from spam and other harmful emails. OME-Kids offers unique Parental Controls that allow you to choose the level of security and oversight that's right for your child.