Email Vulnerabilities


Users of Facebook’s friend finder may have noticed a newish facility, pictured above, which allows Facebook to find friends of yours already on Facebook by riffling through your email account’s contact list. They say they won’t store your password or contact anyone without your permission. It is ‘the fastest and most effective way to find your friends on Facebook’. Awfully convenient what?

It reminded me that I recently received the following email from a friend’s Hotmail account:

Subject: Urgent Request
Date: 16 August 2008 2:02:42 PM


How are you doing? I am so sorry I didn’t inform you about my traveling to UK for a program, I am presently in London, i am stranded here because i misplaced my wallet on my way to the hotel where my money, and other valuable things were kept. I will like you to assist me with a soft loan urgently with the sum of 1,800 GBP to sort-out my hotel bills and get myself back home. I will appreciate whatever you can afford, i’ll pay you back as soon as i return, plz let me know if you can help me so that i can email you with the details you need to use and send the money to me via western union money transfer.

Best wishes and regards,


It was followed up two days later with an email from xxx’s work email (though not to every address in the Hotmail contacts – I didn’t receive it), explaining that someone had hacked her Hotmail account, changed the password, and to under no circumstances send any money to these malicious fucks. She later told me:

Yeah, sure.  Just had some further developments too.  One friend posed as a benevolent mate and was told to send it to someone with my name (not the most common) in London at an address few broke students could afford, i think.  Been in touch with Aus High-Tech Crime Centre, but they’re not much help.  Attorney General just sends a list of things to do to protect myself.  Hotmail just send an automatically generated reply.  Bummer.

Fortunately I think none of xxx’s friends are so stupid as to fall for this, xxx’s English skills are better than ‘I will like to’. But with Australians still sending millions each year to the most transparent of Nigerian scammers, one expects these scams, like those, will be extracting funds from gullible Aussie’s bank accounts for some time.

As this article shows, it is not that hard to crack even people’s on-line bank accounts by clever data mining but, returning to the Facebook friend finder thing above, it seems it’s not enough for people to expose themselves to risk by indiscriminately revealing their personal details, they are now encouraged to give away their email passwords to Facebook. How much do you trust Facebook? And are you sure you’re really on a Facebook page?

I also started thinking recently about all the web sites I am registered with. Lacking much in the way of both short term and long term memory, I tend to use the same username and password for pretty much all of them. Which means that any one of those sites would have a pretty good shot at guessing my login details for another one. Methinks the market for biometric thumb drives is a good bet.

Comments are closed.