{"id":14793,"date":"2019-03-08T09:10:03","date_gmt":"2019-03-08T17:10:03","guid":{"rendered":"https:\/\/www.palada.net\/index.php\/2019\/03\/08\/news-8542\/"},"modified":"2019-03-08T09:10:03","modified_gmt":"2019-03-08T17:10:03","slug":"news-8542","status":"publish","type":"post","link":"http:\/\/www.palada.net\/index.php\/2019\/03\/08\/news-8542\/","title":{"rendered":"Zombie email rises from grave after eight years of radio silence"},"content":{"rendered":"<p><strong>Credit to Author: Christopher Boyd| Date: Fri, 08 Mar 2019 16:00:00 +0000<\/strong><\/p>\n<p>In a novel twist on \u201c<a href=\"https:\/\/blog.malwarebytes.com\/101\/2018\/03\/the-digital-entropy-of-death-what-happens-to-your-online-accounts-when-you-die\/\" target=\"_blank\" rel=\"noopener\">What happens to our accounts when we die<\/a>,\u201d we have \u201c<a href=\"https:\/\/www.theregister.co.uk\/2019\/03\/07\/talktalk_8_yr_old_email_account_still_active\/\" target=\"_blank\" rel=\"noopener\">what happens to our abandoned accounts while we&#8217;re still alive<\/a>\u201d.<span class=\"Apple-converted-space\">\u00a0In this case, UK ISP TalkTalk kept an old customer\u2019s email account alive some <em>eight years<\/em> after she closed it\u2014which left it wide open for takeover by spammers.<\/span><\/p>\n<p><span class=\"Apple-converted-space\">If you&#8217;ve cancelled an account and wondered which bits of your digital data\u00a0continue to live on, this story is for you.<\/span><\/p>\n<p>I\u2019ve talked in the past about how when loved ones die, their emails, social network accounts, and more <a href=\"https:\/\/blog.malwarebytes.com\/101\/2018\/08\/the-digital-entropy-of-death-bsides-manchester\/\" target=\"_blank\" rel=\"noopener\">keep on keeping on<\/a>. Of course, this content is a prime target for cybercriminals, who can pilfer contacts and other data from long-dormant accounts.<\/p>\n<p>There are typically three ways of &#8220;rezzing&#8221; a dormant account, aka bringing it back. 
They are:<\/p>\n<p><strong>Accidental:<\/strong>\u00a0This is where a previously dormant account comes back to life, but with no malicious intent behind it. For example, critic Roger Ebert\u2019s wife accidentally started sending public messages instead of direct messages via his inactive Twitter feed.<\/p>\n<p><strong>Targeted:<\/strong>\u00a0This is when trolls or other ne\u2019er-do-wells specifically target an account to cause distress or just get a cheap laugh. A victim of the 2012 Aurora, Colorado, cinema shooting randomly tweeted \u201cI\u2019m alive\u201d some years after the event. This was, of course, enormously distressing for everyone involved.<\/p>\n<p><strong>Non targeted:<\/strong>\u00a0This is a deliberate hack, but it isn\u2019t specifically about the victim. Rather, the account is just there to serve as a sock puppet\/fake account to sell a scam or push a bogus product. It&#8217;s quite common on social media, and for the scammer, it&#8217;s &#8220;just business.&#8221;<\/p>\n<h3>What happened with TalkTalk?<\/h3>\n<p>While we often see accounts belonging to the dead compromised and dragged into all manner of dubious online activities, this situation is a little different. The outcome is the same\u2014an account, long dormant, is harvested and brought back into action, zombie-style. However, in this case, the former account owner is still alive. It&#8217;s a &#8220;non targeted&#8221; if we&#8217;re going by the examples above, but, in contrast to those examples, it&#8217;s causing considerable headaches for the account owner.<\/p>\n<p>Companies usually keep multiple pieces of data on former customers for a period after account cancellation\u2014web browsing history, payment methods, or old addresses, for example. 
But to keep an email dormant while\u00a0attached to someone\u2019s identity\u2014and for eight full years\u2014is a bad idea, because at some point it\u2019s probably going to be compromised.<\/p>\n<p>The compromise doesn\u2019t even have to be a database<span class=\"Apple-converted-space\">\u00a0<\/span>breach. It could be something as simple as the person having drastically improved their security practices over the years, yet old accounts are forever tied to something like \u201cpassword123\u201d.<\/p>\n<p>In this case, the account was indeed hijacked somehow. (The Register article doesn\u2019t go into detail on this, and frankly it\u2019d be a minor miracle if the affected person had any idea what happened some eight years on).<\/p>\n<p>Friends of the account owner became aware something was up when the account started sending them emails with suspicious links to .pdf and .img files. The scammers reused previous subject lines to make it all look a touch more above board. This is similar to how mail menaces will use \u201cRE:\u2026\u201d in their subject titles to make the email look as though it\u2019s part of an actual discussion.<\/p>\n<h3>Why is this<span class=\"Apple-converted-space\">\u00a0<\/span>a problem?<\/h3>\n<p>The former owner couldn\u2019t get the account shut down due to a multi-tiered portal setup. It\u2019s not uncommon for ISPs to have multiple login sections, some of which cater to generic items and others to specific account features, or packages, or anything else you care to think of. This is especially common when an organisation offers television, phone, Internet, and other services.<\/p>\n<p>While this wouldn\u2019t ordinarily be a<span class=\"Apple-converted-space\">\u00a0<\/span>problem, in order to shut down the compromised account, the former owner needed access to a specific portal that required her to be a current customer. As she&#8217;s not, TalkTalk requested two forms of identification to prove her identity. 
Given <a href=\"https:\/\/www.computing.co.uk\/ctg\/news\/3066679\/talktalk-hackers-jailed-over-2015-data-breach-affecting-16-million-customers\" target=\"_blank\" rel=\"noopener\">previous stories<\/a> on TalkTalk&#8217;s data breaches, she may be reluctant to hand it over.<\/p>\n<h3>What happens now?<\/h3>\n<p>Nobody is quite sure. Even if the ex-customer weren\u2019t asking for it to be shut down, one would imagine TalkTalk would see it being used for spam and disable it. That has to break a ToS somewhere along the line.<\/p>\n<p>Most ISPs issue an ISP-branded email regardless of whether you want one or not. With that in mind, it\u2019s worth logging into whatever portal you have available and having a look around. If an email address exists for your ISP, and you\u2019ve never used it, it could be a problem for you down the line\u2014or even right now. The account email may reuse your main login password, or have something incredibly basic assigned as the default password, which could easily be cracked.<\/p>\n<p>You don\u2019t want to walk into a zombie email scenario like the one outlined above. Review any dormant accounts you might have attached to things like cloud services, mobile or IoT devices, or ISPs and shut them down if you can. If you can&#8217;t, you can at least pop in there and <a href=\"https:\/\/blog.malwarebytes.com\/101\/2017\/05\/dont-need-27-different-passwords\/\" target=\"_blank\" rel=\"noopener\">add a difficult password<\/a> unlikely to be broken through brute force. And if you want to go the extra mile, contact the companies attached to the email addresses and find out what their policies are for shutting down email accounts after customers leave.<\/p>\n<p>As for suspicious emails: Should you receive something from an email address you haven&#8217;t seen in a long time, be careful. If you have another way to contact the person supposedly sending the missive, do so. 
Otherwise, <a href=\"https:\/\/blog.malwarebytes.com\/101\/2018\/06\/five-easy-ways-to-recognize-and-dispose-of-malicious-emails\/\">keep these tips in mind<\/a> before you open any attachments or click any links. It\u2019s just not worth letting curiosity get the better of you\u2014or your PC.<\/p>\n<p>The post <a rel=\"nofollow\" href=\"https:\/\/blog.malwarebytes.com\/cybercrime\/2019\/03\/zombie-email-rises-from-grave-after-8-years-of-radio-silence\/\">Zombie email rises from grave after eight years of radio silence<\/a> appeared first on <a rel=\"nofollow\" href=\"https:\/\/blog.malwarebytes.com\">Malwarebytes Labs<\/a>.<\/p>\n<p><a href=\"https:\/\/blog.malwarebytes.com\/cybercrime\/2019\/03\/zombie-email-rises-from-grave-after-8-years-of-radio-silence\/\" target=\"bwo\" >https:\/\/blog.malwarebytes.com\/feed\/<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p><strong>Credit to Author: Christopher Boyd| Date: Fri, 08 Mar 2019 16:00:00 +0000<\/strong><\/p>\n<table cellpadding='10'>\n<tr>\n<td valign='top' align='center'><a href='https:\/\/blog.malwarebytes.com\/cybercrime\/2019\/03\/zombie-email-rises-from-grave-after-8-years-of-radio-silence\/' title='Zombie email rises from grave after eight years of radio silence'><img src='https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2019\/03\/shutterstock_490974958.jpg' border='0'  width='300px'  \/><\/a><\/td>\n<\/tr>\n<tr>\n<td valign='top' align='left'>What do you do when an email account you assumed was long gone comes back to life after eight years?<\/p>\n<p>Categories: <\/p>\n<ul class=\"post-categories\">\n<li><a href=\"https:\/\/blog.malwarebytes.com\/category\/cybercrime\/\" rel=\"category tag\">Cybercrime<\/a><\/li>\n<li><a href=\"https:\/\/blog.malwarebytes.com\/category\/cybercrime\/privacy\/\" rel=\"category tag\">Privacy<\/a><\/li>\n<\/ul>\n<p>Tags: <a href=\"https:\/\/blog.malwarebytes.com\/tag\/account\/\" rel=\"tag\">account<\/a><a 
href=\"https:\/\/blog.malwarebytes.com\/tag\/email\/\" rel=\"tag\">email<\/a><a href=\"https:\/\/blog.malwarebytes.com\/tag\/email-account\/\" rel=\"tag\">email account<\/a><a href=\"https:\/\/blog.malwarebytes.com\/tag\/isp\/\" rel=\"tag\">ISP<\/a><a href=\"https:\/\/blog.malwarebytes.com\/tag\/isps\/\" rel=\"tag\">ISPs<\/a><a href=\"https:\/\/blog.malwarebytes.com\/tag\/passwords\/\" rel=\"tag\">passwords<\/a><a href=\"https:\/\/blog.malwarebytes.com\/tag\/talk-talk\/\" rel=\"tag\">talk talk<\/a><a href=\"https:\/\/blog.malwarebytes.com\/tag\/zombie-email\/\" rel=\"tag\">zombie email<\/a><\/p>\n<table width='100%'>\n<tr>\n<td align=right>\n<p><b>(<a href='https:\/\/blog.malwarebytes.com\/cybercrime\/2019\/03\/zombie-email-rises-from-grave-after-8-years-of-radio-silence\/' title='Zombie email rises from grave after eight years of radio silence'>Read more&#8230;<\/a>)<\/b><\/p>\n<\/td>\n<\/tr>\n<\/table>\n<\/td>\n<\/tr>\n<\/table>\n<p>The post <a rel=\"nofollow\" href=\"https:\/\/blog.malwarebytes.com\/cybercrime\/2019\/03\/zombie-email-rises-from-grave-after-8-years-of-radio-silence\/\">Zombie email rises from grave after eight years of radio silence<\/a> appeared first on <a rel=\"nofollow\" href=\"https:\/\/blog.malwarebytes.com\">Malwarebytes 
Labs<\/a>.<\/p>\n","protected":false},"author":4,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"colormag_page_container_layout":"default_layout","colormag_page_sidebar_layout":"default_layout","footnotes":""},"categories":[10488,10378],"tags":[16349,4503,11222,21189,11815,11816,10602,5897,21190,21191],"class_list":["post-14793","post","type-post","status-publish","format-standard","hentry","category-malwarebytes","category-security","tag-account","tag-cybercrime","tag-email","tag-email-account","tag-isp","tag-isps","tag-passwords","tag-privacy","tag-talk-talk","tag-zombie-email"],"_links":{"self":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/14793","targetHints":{"allow":["GET"]}}],"collection":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/comments?post=14793"}],"version-history":[{"count":0,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/14793\/revisions"}],"wp:attachment":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/media?parent=14793"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/categories?post=14793"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/tags?post=14793"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}