10 Biggest email blunders of 2009

[VelMurugan]

10 Biggest email blunders of 2009

Remember the time when you sent that gossip mail to your boss accidentally? Thought an email blunder couln't get bigger than this! Take heart you are not the only one, there are people and organisations who can empathise with your sorrow/embarrassment/bewilderment!

Email solutions company Proofpoint recently put together some of the "scariest" email-related blunders, mishaps and threats from this year.

In no particular order, Proofpoint highlights some of 2009's biggest email mishaps.

source : indiatimes

[VelMurugan]

Trojan Horse empties bank accounts

In September, it was reported that a banking Trojan horse, dubbed URLZone, had thwarted fraud detection systems, to enable software to actually steal money while users are logged in to their accounts and display a fake balance.

Victims' computers were infected either by clicking on a malicious link in an email or visiting a website that has been compromised with hidden malware.

The Trojan also kept a log of the victim's bank account login credentials, took screenshots, and snooped on the user's other Web accounts, such as PayPal, Facebook, and Gmail.

[VelMurugan]

FBI forgery

The wife of FBI Director Robert Mueller banned him from online banking after he nearly fell for a phishing scam. Mueller received a seemingly legitimate email from what he thought was his bank, which prompted him to verify some information.

He even went as far as filling out some of his personal information before realizing it might not be a great idea.

He said he barely caught himself in time before falling victim to the scam. As a result, he changed his passwords and tried to pass the incident off to his wife as a "teachable moment."

However, that did not stop Mrs. Mueller from sanctioning Mr. Mueller's online activities.

[VelMurugan]

Hotmail phishing

Most recently, more than 10,000 Hotmail accounts were compromised in October and passwords were posted on several websites where developers typically share programming code.

News site Neowin reported it had seen part of the list, which has since been removed, and notified Microsoft of the issue.

In this phishing scam, hackers sent out legitimate-looking emails under the letterhead of banks, eBay and other institutions, telling consumers they needed to reset online passwords to their Web sites for security purposes.

It seems that many of the affected account holders could have used a password reset. Security researchers with copies of the exposed passwords reported that "123456" was the most commonly used among them.

[VelMurugan]

Start-up suicide

Back in September, social media advertising and applications start-up RockYou, sent out a mass email to their customers and associates announcing their new site redesign, but instead of using BCC, they displayed the entire mailing list of over 200 email addresses in the CC: field. Not surprisingly, many of those addresses ended up on a spammer's list.

Two months later, the start-up sent out another mass email using a mailing list. Unfortunately, the email asked contractors to provide information for their W9 tax forms. This resulted in people inadvertently sending personal information to the entire mailing list.

[VelMurugan]

Judge orders gmail account deactivated

In August, Wyoming-based Rocky Mountain Bank mistakenly sent names, addresses, social security numbers and loan information of more than 1,300 customers to a Gmail address.

When the bank realized the problem, it sent a message to that same address asking the recipient to contact the bank and destroy the file without opening it.

No one responded, so the bank contacted Google to ask for information about the account holder. US District Court Judge James Ware in the northern district of California ordered Google to deactivate the email account and also disclose the Gmail account holder's identity and contact information.

The Gmail user hasn't been accused of any wrongdoing, but someone at the bank should be a little more careful when typing in the TO: field in an email.

[VelMurugan]

Payroll panic

Payroll processor PayChoice was the victim of a website breach in which customers received targeted emails purporting to be from the company, but were designed to trick people into downloading malware.

Workers received emails that directed them to download a browser plug-in or visit a website to continue accessing the onlineemployer.com PayChoice portal.

Clients were notified within hours and the site was shut down. It was later learned that the emails were sent from a Yahoo! email account and the links were hosted from servers in Poland.

[VelMurugan]

Tax terror

Britain's tax authority, HM Revenue & Customs, issued a warning about a rash of scam emails that used convincing (but fake) government email address in an attempt to lure recipients into divulging their personal information to receive a tax refund.

The scam messages claimed that recipients were entitled to a tax refund and asked for bank or credit card details, so that the fictitious refund could be paid out.

Like most legitimate businesses and government organizations, the HMRC stressed that it would not inform citizens of a tax rebate via email, nor would it invite them to complete an online form to receive a tax rebate.

[VelMurugan]

UCSD fake-out

28,000 students were turned away from UC San Diego in one of the toughest college entrance seasons on record after a particularly cruel twist in the perils of instant communications.

All 46,000 students in the entire freshman applicant pool received the same misfired message of acceptance, which could have led to the largest freshman class at any university globally.

The 18,000 students who were actually accepted breathed a sigh of relief. Unfortunately, the rest of the applicant pool had to march on in the grueling college application process.