How phishers steal e-mail accounts

[harlan4096]

Good old e-mail isn’t the sexiest offering in the digital world, but amid a whole bunch of newer apps and services — the instant messengers, the social networks — it’s standing its ground as an essential tool for modern-day life. Most of us still have to use e-mail, at the very least to be able to register new accounts for all those services, apps, and social networks out there.

That need is exactly why e-mail logins are a coveted prize for attackers. In this post we’ll explain how some crooks use phishing to get hold of them.

Phishing letters — the most common e-mail hacking tactics

The vast majority of scam letters made to steal e-mail login names and passwords look like messages originating from the services we use for e-mail. When targeting home users, phishers mimic popular webmail services. And when attempting to hack corporate accounts, they pretend to be your work e-mail service — in this case the sender is simply the mail server.

Popular mail services are imitated much more often. Scammers try to make such letters as convincing as possible. The deception toolkit is the standard one: a sender’s address that looks much like the real one, logos, headers and footers, links to official resources, a plausible layout, etc.

Continue Reading