Symantec have just released their annual Internet Security Threat report and it reveals the worrying statistic that 100 potential threats per second were blocked in the year ended 31 December 2009.
Even more worrying was the revelation that cyber criminals were selling the personal email account details of victims for as little as 65 pence each.
The purchased details are then used to send out emails, particularly to the contacts of the stolen account holder, containing spam, viruses and trojans.
The premium price for these stolen details is around £13 ($19) and that is reserved for email addresses that have web space allocated to them.
Many ISPs try to promote their broadband accounts by providing free web space and a free email account.
The reason these accounts are more valuable is that the criminals can make use of the free webspace to set up phishing sites to glean financial or more personal information from visitors or malware sites that just download malicious code.
The vast majority of users never make use of the free webspace that comes with their accounts and so the existence of these illegal sites goes unnoticed until a victim complains and it comes to the attention of the ISP of the owner of the hacked email account.
You are most likely to be a victim of this cutprice sale of your details if you have an account with the large free ISPs where they cannot monitor the usage of millions of, often, free email accounts that they host.
Hosts like ourselves do not offer free email accounts. To have an email address with Intrahost you must purchase, at least, a web hosting account. So the main motivation of our end-users is having a website and, therefore, they would quickly realise their details had been sold as they would see a change to their website. However, it is likely that we would have spotted it before the customer did. This is because spammers make constant use of the stolen accounts. The email traffic on a stolen account would show a much different pattern of usage, the volume alone will literally ring alarm bells, indicating that there is a problem with an account.
The lesson here is to be careful where you provide your email address, even more so when giving personal details at the same time, e.g. on an online form. Be very wary of using, especially free, indivdual email accounts, particularly those with attached web space - and also be very careful of emails apparently originating from friends’ email accounts that may seem strange in the written text or the in nature of any attachments.
If you ever feel that your Intrahost account may have been compromised please contact us immediately so that we may invetigate.
