The survey data revealed that most users get hacked at high rates even when they do not think they are engaging in risky behavior, with 62% unaware of how their accounts had been compromised.
The results rely on an end-user survey together with data from Commtouch’s GlobalView Network, which tracks and analyzes billions of Internet transactions daily.
According to the survey, 15% of users thought their credentials were stolen after they used a public Internet terminal or WiFi network, but 62% were not sure how their accounts were compromised.
A majority of the hijacked accounts were used for spam; one in eight were used for a phony distress email scam that asked friends to wire funds to a foreign country; and 23% were not sure what was done with the accounts.
“Spammers are very good at covering their tracks. If they send spam from an account, they will delete all the sent items, so you won’t be able to see what was done”, said Avi Turiel, director of product market with Commtouch.
The survey found that Yahoo represented 27% of hacked accounts, followed by Facebook with 23%, Gmail with 19%, and Hotmail with 15%.
“From the spammers point of view, all accounts are created equal. The main thing is to get that compromised account. They are all of equal value”, Turiel told Infosecurity.
Once people were made aware of the compromise, 42% changed their password, 23% changed their password and added anti-virus software. “But there were 23% who did nothing”, Turiel observed.
The hacked account report was issued as a companion to Commtouch’s quarterly 'Internet Threats Trend Report', which covers web threats, phishing, malware, and spam.
The October trend report found an explosion in email-borne malware in the third quarter of 2011, reaching its highest levels observed in over two years. The ultimate purpose of the huge volumes of malware remains unclear as spam levels continue to decrease, Turiel noted.
Over 230 billion emails with attached malware were sent in the outbreaks of August and September. The malware included variants of Sasfis, SpyEye, Zeus, and fake anti-virus, the report noted.
In addition, phony Facebook notifications lured users to malware, while large-scale scams accumulated hundreds of thousands of Facebook Likes.
Although spam levels dropped to an average of 93 billion spam/phishing messages per day during the third quarter, the most popular spam topic was pharmacy ads, increasing to 29% of all spam from 24% in the second quarter.