I have been getting an awful lot of similar looking suspicious email recently. There seems to be a vulnerability in mail security that a phishing group probably may have taken advantage of. Do not click the links on these emails! The trend to this malicious trick is to use or merge a portion or the whole of your friend’s username or use related or popular titles in the internet like facebook into the link’s text, thus tricking the recipient into thinking it’s somehow clean or can be trusted. If you’ve clicked these links, you may also be at risk.
If you think you are a victim, here’s what I would recommend at the very least: change your password & secret questions immediately! Bear in mind that your online reputation is not the only item at stake once your your email account gets compromised.
If you’re a Yahoo! user and if you still can access your Y! account, I suggest you take these steps to hopefully reclaim your account:
1. Change your Y! password immediately
2. Change both your Secret questions as well
3. Create an alias for the account. Let Y! know about the incident/s immediately, report it through their Security Report Form
5. Keep a screenshot copy of the suspicious messages that you supposedly sent in your sent messages folder as proof of the incident
For Gmail users, if your account has been compromised go to:
- My account has been compromised
- Protecting your Google account
It’s strongly recommend that you keep a unique & strong password for your email. If you’ve been using your email password as the same password for other services such as social networks (i.e. Facebook, Blog Directories, etc.), then immediately assume that the perpetrator may have access to them as well.
Here are some samples of suspicious content emails from different sources and destinations (the address has been modified to shield readers from clicking):
h—p://username.vipblog.name/2009/03/my-life-was.html
h—p://ow.ly/2ei1n?=www.facebook.com/photo.php
h—p://sites.google.com/site/as6tygwrt/ttut6f
For prevention, you can use a local password generator & manager such as KeePass Portable that you can bring around with you on a USB stick. If at the moment you really have to plunge into an internet cafe at the risk of getting keylogged then perhaps using a disposable password from services like Lastpass could do the trick.
Stay safe!
