From Hell!

For many years a bread-and-butter tactic of scammers has been to hack a person’s email account and send out a malicious link to everyone in the victim’s address book, often with a just a few words to accompany the link such as…

Hi
‘Sup
Check it out
My photos
Big news

Because the recipient knows the sender (but doesn’t realize the sender’s email has been hacked) the scammers are guaranteed a higher-than-normal click rate on the malicious link. BAM! Another malware infected computer for the scammer to misuse and abuse.

People across the Internet have seen so many emails containing malicious links from hacked accounts that they have begun to wise up. Yahoo users, in particular have felt this pain. It seems that Yahoo account holders have had their passwords hacked by the millions on a yearly basis. Here are just a few articles about these breaches over a three year period:yahoo-mail-fail

2014: Yahoo Hacked and How to Protect Your Password [January 31, 2014]

2013: Yahoo’s Email Hacking Problem Starts to Hurt [May 31, 2013]

2012: Was Your Yahoo Password Hacked? How to Find Out. [July 12, 2012]

Of course, once the scammer sends out a malicious link to everyone in the address book, a big percent of recipients immediately hit the reply button to inform the sender that his or her email account has been hacked and misused. What’s a scammer to do? Mourn the fact that he will no longer be able to misuse the account?

But wait! Now the scammers have a new tactic! Starting early in the summer of 2014, scammers hack one victim’s account and gather the email addresses, then they send their malicious emails from a different person’s address BUT insert the subject line “FROM John Doe” where John Doe is the first person’s hacked account. It’s practically confusing! Here’s an example with all innocent’s names and emails blurred:

From Jennifer

Can you count the number of victims in this scam?

  • Jennifer… who’s email account was hacked and used to gather 20 email addresses
  • Cathieh at Frontline, who’s email account was also hacked and used to actually send the malicious links
  • 20 Recipients of the email containing the malicious link
  • ulcseminary.net… Universal Life Church, who’s web server was hacked and was being misused to host malicious content. (We informed them and they were very grateful to hear about it.)

There are 23 victims represented in this one email.

The new trick that has been throwing people off is that the scam email says that it is FROM someone they know, but comes from a stranger’s email address. People are confused and open the email to see what’s going on. And they are confused… Who’s email account was hacked? We can tell you with confidence…. BOTH Jennifer’s email and catheih’s email accounts have been hacked.

Here’s another example.  Can you count the victims?

Hacked email account w malicious link

Check out these recent lists displaying the “from” scam…

From hell scam1

From hell scam2

Next step… how to pick up the pieces of a hacked account. Read our article “Recover from a Hacked Email Account.”

UPDATE 2015:
Unfortunately we have an update on this report about “from hell” that is not going to feel good to those of you who have been hacked….  We recently heard from two different people in different states who are reporting that their friends and colleagues are still getting email scams with their names on them.  And this is a year after their email accounts were hacked and contact lists stolen.  Apparently the scammers will continue to misuse the hacked person’s name and contact list as long as their friends still have the same working email addresses.  This is the pain that keeps on giving.  Sorry to be the bearer of bad news.