A recent security threat, the Onliner spambot, exposes over 711 million email accounts in what some hack news would refer to a massive data breach.
Although most email systems have a spam folder that usually catches junk and malware-infected messages, the cyber criminals have this time managed to bypass the filter and make their stuff look genuine. The best thing is that not all, but only some of the targeted emails accounts addresses and passwords were compromised or taken by the recent attack.
The email has become a common tool for communication but criminals haven’t stopped being mischievous and are always trying to penetrate through the email protection systems. According to computer security news, the Onliner spambot which was discovered by the Paris-based security researcher who goes by the pseudonymous name Benkow, and confirmed by another security expert Troy Hunt, has collected “a mind-boggling amount of data”.
Troy Hunt is Microsoft’s Regional Director who also runs Have I Been Pwned anti-hacker website that tracks online breaches, where he also discovered that his email was among the data dump from the Onliner spambot.
How does Onliner spambot work?
The cyber criminals are now using a number of hacker tools and methods to penetrate and compromise a number of computer security systems. In this recent attack, they merged data from earlier attacks such as the LinkedIn data breach which occurred in the year 2012 as well as others.
The cyber criminals behind the spambot used a number of other data breaches to compile a massive database containing over 80 million email credentials. Using these email account logins details, they sent spam to about 630 million email addresses. Unfortunately, this spam can bypass or jump over the spam filters and even the banking malware protection systems.
It is even harder to suspect that an email is coming from the Onliner Spambot since it sends emails that look genuine. Some of these, which may include invoices, can tempt the users to give out their banking details.
How to check if your email account is hacked or compromised by Onliner Spambot
To find out find your email address is among the Onliner spambot hack database, use the website – Have I Been Pwned. However, the hack may only have very little of your information and nothing more than just your email address. But you shouldn’t celebrate too much if you do not have a strong security and passwords for your online accounts as this is just one of the attacks among thousands or millions. It is critical to secure your account against the existing and future online threats.
According to a number of reliable hack news, some of the emails in the data dump from the anti-hacker website HaveIBeenPwned.com are unusable and only a few of these contained real email addresses and passwords. However, you should still be careful and avoid opening suspicious-looking emails and especially anything that looks like an invoice. Even when you receive this confirm that the invoice is genuine and do not pay or enter your banking details if it looks suspicious
How to protect your email address from attacks?
There are several things you can do to protect yourself from cyber-attacks. The best would be to combine several options but first if your email is already compromised, you need to change the password immediately – you know it is compromised if Have I Been Pwned tool indicates that it is in the Onliner Spambot dump. However, you may not need to rely on this only, if you suspect that you are not safe, haven’t changed your password for a while, or the email and other online accounts have weak passwords, it is time to take action.
You also need to enhance your online security by using tools such as the Norton security software which is available in various options to cater for different account types. You can even Save up to 55% on Norton Security Suite products.
Avoid using the same password for the email accounts and other online accounts such as banking and others. To be more secure, enable the two-factor authentication to make it harder to get access to your email account with only the email address and password.