Tuesday, May 5, 2009

Friend's E-mail Account Hacked

The other day, I received an e-mail from a friend with a subject line of "Look". The body of the e-mail was short and sweet. It said "* Hi! Click the link, there is something funny for you" followed by a link that looked innocent enough to me. The computer security person in me thought this was a bit strange, so I did a little checking on the site that was referenced in my friend's e-mail.

After some checking, I found that the site was considered malicious and was hosted in China. I responded to my friend and said that the computer security person in me wondered if he really had sent this. No response. A few days later, I got another e-mail from him with the same link. At this point, I contacted him, and he said no, he hadn't sent it to me or to any of the other contacts in his address book who were included on this e-mail.

Lesson: my friend had his e-mail account hijacked. The attacker who had control was trying to take advantage of the trust between my friend and the contacts in his address book. I sent a response to all the others who received the e-mail, warning them of the malicious link. I never heard back from anyone, but I had done my part.

Be careful when you receive an e-mail from a friend with a link; this is also true of social networks like Facebook, MySpace, and LinkedIn. My motto in computer security is to trust no one. Don't click on a link just because one of your friends sent it to you. Hijacked accounts will send out messages with malicious links and take advantage of the trust that is built up on these types of networks.

Be careful out there and stay safe. Happy Tuesday!

