The Register® — Biting the hand that feeds IT

Feeds

Indian politico's webmail hacked to punt lost-wallet scam

PLEASE SEND $3,500. MOST GRACIOUS.

Customer Success Testimonial: Recovery is Everything

Fraudsters hacked into the webmail account of an Indian politician in a bid to sponge money from his contacts.

Senior Congress politico Mani Shankar Aiyar's Hotmail account was broken into on Wednesday in order to send messages claiming he'd lost his wallet and was in urgent need of cash to settle a $3,500 hotel bill in England and return home.

Indian Express tracked the former union minister down to New York, from where he confirmed his webmail account had been hacked into to send the dodgy "loan-requesting" emails. Unidentified hackers, who probably took advantage of weak passwords to break into the account in the first place, have locked Aiyar out of his account.

"Unfortunately, the hacker has changed my password so I cannot access my email account," Aiyar told Indian Express. "I am in New York attending a seminar on local self-government at Columbia University. I request all recipients to ignore this mischievous message."

The Times of India reports that fashion designer Rina Dhaka was hit by a similar scam last week. Delhi police are advising users to make use of strong (hard to guess) passwords, it adds.

Aiyer is far from the first high-profile politician left explaining a webmail hack. Previous examples have famously included Alaska governor Sarah Palin and former Republican VP candidate, as well as UK justice minister and former home secretary Jack Straw.

The 'person in plight' scam isn't new either, and has recently moved on from messages from hacked email accounts to electronic communiques from compromised social networking profiles. ®

Ensure Ease of Recovery with Asigra’s Agentless Software

Latest Comments

Person genuinly in need

of a few quid. I sent lots of money to a rich lady in Africa whose husband has just died. To make matters worse the unfortunate lady has breast cancer and can't return home because some dodgy African bank had stopped access to her husbands account which has $15,000,000.00 in it. She never sent me a thank you letter :(

0
0

@ Anonymous John

I agree with you that the suggestion in the Reg article that "weak passwords" were the likely source of attack is actually much less likely than that Aiyar was phished. However, I disagree on the likely phishing method...

According to the linked Times of India article, it was Aiyar's personal Hotmail account at the heart of this story. Hotmail users are currently extremely heavily (if not almost exclusively) phished in the manner described in one of the Anonymous Coward comments about the father-in-law. That is, by Emails that purport to be from Hotmail admin staff and that ask their potential victims to reply to the Email with their username and password (and occasionally with other PI info), on threat that refusal will result in the account being cancelled.

Aside from being a security professional who sees this stuff every day, I've received very similar scam Emails from a friend-of-a-friend's Hotmail address which got phished just this way.

0
0

Correction to my previous comment

I said that the "Times of India" article said it was Aiyar's personal Hotmail account that was "hacked". I meant the "Indian Express" article...

0
0

More from The Register

 breaking news
NSA PRISM-gate: Relax, GCHQ spooks 'keep us safe', says Cameron
Whatever they are up to, it's all above board, we're told
PRISM snitch claims NSA hacked Chinese targets since 2009
Snowden suddenly looks safer in Hong Kong after revelations
 breaking news
US chief spook: Look, we only want to spy on 6.66 BEELLLION of you
Americans assured they are not in the NSA's sights
Speech-to-text drives motorists to distraction
Will talking to you mean I crash into that car up ahead, Siri?
DHS warns of vulns in hospital medical equipment
Has your doctor's anasthesia machine been hacked?
 breaking news
Yes, maybe we should keep hackers in the clink for YEARS, mulls EU
Watch out black hats, they just might throw away the key
Microsoft borks botnet takedown in Citadel snafu
Stupid Redmond kicked over our honeypots, wail white hats
Critical Java SE update due Tuesday fixes 40 flaws
And yes, most are remotely exploitable
NSA accused of new crimes ... against slideware
They may take our information but they cannot take our REFINED AESTHETICS