Recently, the German Federal Office for Information Security disclosed that the email accounts of up to 16 million users had been compromised. The computers of these users were infected with information-stealing malware, which was used to steal their login credentials.
The German government has set up a page where users can check if their email accounts have been compromised. We recommend that users in Germany check their accounts, as we’re seeing a recurrence of certain scams that rely on compromised email accounts.
Recently, a German user came to us saying that his friends had told him his account was sending suspicious emails. He later discovered that both his email and his Facebook accounts had no content. The user changed his email password, but this did not stop the suspicious activity.
Soon after, contacts began receiving emails from a new email address that was near-identical to the original address. The new address was an alias of the original and had an additional “I” in the name (e.g., “badboy” became “badIboy”), which recipients may not notice at first glance.
These emails use the well-worn “distressed tourist” scam. The emails claim that the sender was attacked in a foreign country and requires financial aid to get home.
Figure 1. Email asking for money
Users who actually reply to this initial email soon get another one with details on how to send money. The abuse only stopped after the new address was removed from the original account’s list of aliases.
Figure 2. Second email providing details
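The near-identical alias described above suggests a simple check on the receiving side: flag a sender whose address is one character away from an address already in the address book. The following is an added example, not part of the original post; it generalizes the single inserted character to any one-character edit, and the function names and sample addresses are constructed for illustration.

```python
from email.utils import parseaddr

def split_address(header_value):
    """Return (local, domain) in lowercase from a From: header value."""
    address = parseaddr(header_value)[1]
    local, _, domain = address.rpartition("@")
    return local.lower(), domain.lower()

def within_one_edit(a, b):
    """True if a and b differ by exactly one inserted, deleted or changed character."""
    if a == b or abs(len(a) - len(b)) > 1:
        return False
    if len(a) > len(b):
        a, b = b, a  # make a the shorter (or equal-length) string
    i = 0
    while i < len(a) and a[i] == b[i]:
        i += 1
    if len(a) == len(b):
        return a[i + 1:] == b[i + 1:]  # one substituted character
    return a[i:] == b[i + 1:]          # one extra character in b

def find_lookalike(sender, known_contacts):
    """Return the known address that `sender` imitates, or None."""
    s_local, s_domain = split_address(sender)
    known = [split_address(c) for c in known_contacts]
    if not s_local or (s_local, s_domain) in known:
        return None  # unparsable, or an address already in the address book
    for local, domain in known:
        # Same domain only: the alias in the post lived on the original account.
        if domain == s_domain and within_one_edit(local, s_local):
            return f"{local}@{domain}"
    return None

# Constructed sample data (not taken from the incident).
CONTACTS = ["badboy@example.de", "anna.schmidt@example.de"]
INBOX = [
    "Bad Boy <badIboy@example.de>",      # extra "I", as in the post's example
    "badboy@example.de",                 # the genuine address
    "anna.schmidt@example.org",          # different domain, out of scope here
]

if __name__ == "__main__":
    for sender in INBOX:
        match = find_lookalike(sender, CONTACTS)
        print(f"{sender!r}: {'looks like ' + match if match else 'no lookalike'}")
```

A one-character difference also occurs between legitimate addresses, so a match is a prompt to verify the sender through another channel, not proof of fraud.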
Protecting email accounts should be a top priority, considering the amount of sensitive information stored in them and the other accounts that can be controlled via password resets. Users should remember a few key safety tips:
- Always use different complex passwords or passphrases for different accounts. Password managers can help create and manage passwords for multiple online accounts.
- Opt for two-factor authentication when possible.
- Only log in using secure and trusted devices. Think twice before logging in from public devices such as those in Internet cafes.
- Users can also opt for encryption services for added protection.