AOL Breach Could Bolster Phishers, Exposes Email Spoofing, Web Threats


The AOL Mail data security breach could yield enough valuable information to craft convincing phishing campaigns, according to security experts, who said the security incident is the latest in wide-scale targeting of web-based email accounts conducted by financially motivated cybercriminals.

AOL acknowledged on Monday that it was investigating the scale of the breach following reports of hijacked accounts late last week. The data exposed, according to the company, included email addresses, postal addresses, address book contact information, encrypted passwords and encrypted answers to security questions. It indicated that about 2 percent of its email accounts (it has approximately 24 million accounts and 2.5 million paid users, according to recent financial filings) were used in spoofing campaigns, which send spam and phishing messages that appear to come from a sender the recipient already knows.

A long-standing attack technique targeting webmail typically involves using automated tools to steal user account credentials, or a brute-force attack against the login, to break into and take control of a victim's mailbox. The prize for criminals is a global spam industry worth billions and the ability to use the hijacked account to spread messages peddling counterfeit pharmaceuticals, pornography and other nefarious goods.


Webmail is no longer the most efficient way to carry out the activity, said security experts. Webmail providers have bolstered monitoring capabilities to identify suspicious activity from email users and freeze potentially hijacked accounts.

Many organized cybercriminals turn to cracking into hosted web servers or renting out powerful botnets to spread spam and phishing messages, said Rob Delevan, an IT security consultant and national account manager at Salt Lake City-based Wasatch I.T. The AOL Mail incident highlights why businesses and consumers can't let their guard down, Delevan said.

"This is an example of someone going after small fish and a shining example of why everyone is open to this kind of attack," Delevan said. "Consumers and businesses need to be proactive about account management, using strong passwords and being vigilant about potential attempts against their security."

AOL is urging Mail users to change their passwords and said it was putting enhanced protective measures in place to address the incident during its investigation. An analysis of the incident conducted by Trend Micro uncovered messages from spoofed accounts containing spam links to phishing pages.

"We saw that 94.5 percent of the users who visited the final landing page came from the United States," said Maria Manly, one of the firm's antispam research engineers. "Analysis also shows that these phishing pages are hosted in different countries, including Russia, the United States, Hong Kong and Germany."

AOL also modified its DMARC (Domain-based Message Authentication, Reporting and Conformance) policy, an email authentication mechanism used to combat spoofing and spam, so that bulk mail claiming to come from AOL addresses is rejected by receiving mail servers if it doesn't originate from an AOL server, Manly said.
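To make concrete what a "reject" DMARC policy does to spoofed mail of the kind described above, here is an added illustration, not code from the article or from AOL: a small Python evaluator that parses a DMARC TXT record and decides the disposition of a message from its SPF and DKIM results. The record, the domain names (example.com, attacker.test) and the message results are all constructed for the example; a real receiver would look the record up at `_dmarc.<domain>` in DNS and use the Public Suffix List for organizational-domain matching, which is approximated here by the last two labels.

```python
"""Minimal DMARC policy evaluation over constructed inputs (added example)."""
from dataclasses import dataclass

# Constructed sample record, in the shape a domain publishes as a TXT record
# at _dmarc.example.com. p=reject tells receivers to refuse unaligned mail.
SAMPLE_DMARC_RECORD = (
    "v=DMARC1; p=reject; adkim=r; aspf=r; rua=mailto:dmarc-reports@example.com"
)


def parse_dmarc_record(txt):
    """Parse a DMARC TXT record into a tag dict; return None if it is not DMARC."""
    tags = {}
    for part in txt.split(";"):
        part = part.strip()
        if not part or "=" not in part:
            continue
        key, value = part.split("=", 1)
        tags[key.strip().lower()] = value.strip()
    if tags.get("v") != "DMARC1":
        return None
    # Alignment modes default to relaxed ("r") when absent.
    tags.setdefault("adkim", "r")
    tags.setdefault("aspf", "r")
    return tags


def organizational_domain(domain):
    """Approximate the organizational domain as the last two labels.

    Assumption for this example only: real DMARC uses the Public Suffix List.
    """
    labels = domain.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def aligned(from_domain, auth_domain, mode):
    """Identifier alignment: strict needs an exact match, relaxed the same org domain."""
    if mode == "s":
        return from_domain.lower() == auth_domain.lower()
    return organizational_domain(from_domain) == organizational_domain(auth_domain)


@dataclass
class AuthResult:
    """Authentication results a receiver has for one message (constructed)."""
    from_domain: str   # domain in the visible From: header the user sees
    spf_pass: bool     # SPF check outcome
    spf_domain: str    # MAIL FROM domain the SPF check was made against
    dkim_pass: bool    # DKIM signature verified?
    dkim_domain: str   # d= domain of the verified DKIM signature


def dmarc_disposition(record, result):
    """Return "pass", "none", "quarantine" or "reject" for a message."""
    policy = parse_dmarc_record(record)
    if policy is None:
        return "none"  # no usable DMARC record: receiver applies its own rules
    spf_ok = result.spf_pass and aligned(result.from_domain, result.spf_domain, policy["aspf"])
    dkim_ok = result.dkim_pass and aligned(result.from_domain, result.dkim_domain, policy["adkim"])
    if spf_ok or dkim_ok:
        return "pass"
    # Neither authenticated identifier matches the From: domain: apply the policy.
    return policy.get("p", "none")


if __name__ == "__main__":
    # A spoofed message: From: claims example.com, but SPF passed for the
    # sender's own domain, so nothing aligns with the visible sender.
    spoof = AuthResult("example.com", True, "attacker.test", False, "")
    print("spoof ->", dmarc_disposition(SAMPLE_DMARC_RECORD, spoof))
    # A legitimate message sent through the domain's own mail server.
    legit = AuthResult("example.com", True, "mail.example.com", True, "example.com")
    print("legit ->", dmarc_disposition(SAMPLE_DMARC_RECORD, legit))
```

With `p=reject` the spoofed message is refused even though it passed SPF, because the domain SPF vouched for is not the one in the From: header; with `p=none` the same message would only be reported, which is why moving from monitoring to rejection matters for a provider whose address space is being used in spoofing campaigns.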
