Hacked Hotmail contacts used for phishing attacks

Criminals who have hacked thousands of webmail accounts are using the contacts lists of these accounts to send personalised spam.

Websense Security Labs said it has detected a marked increase in the number of spam emails sent from Yahoo, Gmail and Hotmail accounts over the last few days.

The spam emails are being sent from hacked user accounts to contacts in their address book - so people will think the email came from a friend or known contact.

This spam email recommends a product and invites the reader to click on a link to a shopping site to buy the goods. The shopping site is in fact a fake (often less than a month or so old having quickly shot up the Alexa website ranking tool indicating that they have seen a lot of traffic).

If the victim falls for the scam, and enters their credit card to 'buy' the goods the hackers then harvest the bank details.

Carl Leonard, threat manager at Websense said: "This is just another example of online fraudsters becoming increasingly adept at gaining personal and confidential information from unsuspecting victims.

"Websense Security Labs have found that 37 per cent of malicious web attacks over the past six months included data-stealing code, demonstrating that attackers are clearly after essential information and personal data."