Much like me, many of us use the same password for multiple email accounts and websites. While this practice makes managing passwords an easier job, it also means that only one of our accounts needs to be compromised in order for all of them to be compromised.
One way hackers compromise our passwords is via phishing scams. These scams use fake websites to lure users into entering exploitable personal information such as credit card numbers, bank account numbers, etc. Familiar with the loopholes in internet security, most users steer clear of suspicious emails and avoid submitting their information on lesser-known websites. However, there is still a large number of internet users who fall victim to phishing scams, clueless about their actions even after they have been taken advantage of.
The potential dangers of phishing scams have now been brought to major attention by an analysis of the victims of the recent widespread phishing scam, forty percent of whom used the same password for all their accounts on a number of websites. Neowin, the technology blog, reported an initial list of usernames and passwords from a number of websites, which was circulating on the internet. The list was traced to its source, Pastebin, a site commonly used by program developers to share their code.
Paul Dixon, owner of Pastebin, has pulled the site down for maintenance. According to him, Pastebin was intended to be a fun side project, which, because of this incident, it is currently not turning out to be. He has announced that Pastebin will remain down until he makes further modifications to prevent something like this from repeating itself.
Reviewing the first list, it was thought that only Hotmail (Windows Live) customers were being affected by the scam. However, a second list was discovered which included usernames of accounts on almost all major internet networks, namely Yahoo, Gmail, and AOL, amongst others. Soon afterwards, spokesmen from numerous affected internet services, such as Microsoft and Gmail, announced that the information of their customers had been compromised not due to any security glitches in the system, but due to misleading websites gathering people’s personal information under false pretenses.
The internet services forced password changes on the accounts they found on these lists, and work on restoring the integrity of all accounts is currently in progress.
The combined number of accounts in these lists was around 30,000; while some of these accounts included fakes, the number of real accounts was ominously large. Observing these facts, one may begin to wonder how many phishing scams actually get away with what they do.
The only way to protect ourselves from being defrauded on the internet is to have up-to-date antivirus software, keep clear of suspicious emails, and never give out private information on websites whose security we are not confident about.