Indian politico's webmail hacked to punt lost-wallet scam
PLEASE SEND $3,500. MOST GRACIOUS.
Fraudsters hacked into the webmail account of an Indian politician in a bid to sponge money from his contacts.
Senior Congress politico Mani Shankar Aiyar's Hotmail account was broken into on Wednesday in order to send messages claiming he'd lost his wallet and was in urgent need of cash to settle a $3,500 hotel bill in England and return home.
Indian Express tracked the former union minister down to New York, from where he confirmed his webmail account had been hacked into to send the dodgy "loan-requesting" emails. Unidentified hackers, who probably took advantage of weak passwords to break into the account in the first place, have locked Aiyar out of his account.
"Unfortunately, the hacker has changed my password so I cannot access my email account," Aiyar told Indian Express. "I am in New York attending a seminar on local self-government at Columbia University. I request all recipients to ignore this mischievous message."
The Times of India reports that fashion designer Rina Dhaka was hit by a similar scam last week. Delhi police are advising users to make use of strong (hard to guess) passwords, it adds.
Aiyer is far from the first high-profile politician left explaining a webmail hack. Previous examples have famously included Alaska governor Sarah Palin and former Republican VP candidate, as well as UK justice minister and former home secretary Jack Straw.
The 'person in plight' scam isn't new either, and has recently moved on from messages from hacked email accounts to electronic communiques from compromised social networking profiles. ®
Person genuinly in need
of a few quid. I sent lots of money to a rich lady in Africa whose husband has just died. To make matters worse the unfortunate lady has breast cancer and can't return home because some dodgy African bank had stopped access to her husbands account which has $15,000,000.00 in it. She never sent me a thank you letter :(
@ Anonymous John
I agree with you that the suggestion in the Reg article that "weak passwords" were the likely source of attack is actually much less likely than that Aiyar was phished. However, I disagree on the likely phishing method...
According to the linked Times of India article, it was Aiyar's personal Hotmail account at the heart of this story. Hotmail users are currently extremely heavily (if not almost exclusively) phished in the manner described in one of the Anonymous Coward comments about the father-in-law. That is, by Emails that purport to be from Hotmail admin staff and that ask their potential victims to reply to the Email with their username and password (and occasionally with other PI info), on threat that refusal will result in the account being cancelled.
Aside from being a security professional who sees this stuff every day, I've received very similar scam Emails from a friend-of-a-friend's Hotmail address which got phished just this way.
Correction to my previous comment
I said that the "Times of India" article said it was Aiyar's personal Hotmail account that was "hacked". I meant the "Indian Express" article...