> > And what are they after?
>
> They're after any account they can gain access to, most likely so
> they can use it to send spam, and possibly also so they can download
> eMail messages for any reasons, including extorting money from the
> account owner, or selling the data (assuming they've breached a large
> quantity of eMail accounts), etc.
>
> Once they find a password that works, they'll probably also be
> curious about other possible places where they could login with it
> (this is one of the reasons users should use different passwords on
> each system, but sadly many still don't).
More worrying might be if they use the cracked email account to gain easy
access to more sensitive accounts elsewhere.
The standard "I forgot my password" almost always just needs you to have
access to an email account to set a new password, without the attacker
needing to know the original account password at all.
It's very important that people understand that email account passwords
need to be at least as unguessable as any other senstitive online accounts.
Anthony
--
www.fonant.com - Quality web sites
Tel. 01903 867 810
Fonant Ltd is registered in England and Wales, company No. 7006596
Registered office: 31 Greentrees Crescent, Sompting, BN15 9SY
_______________________________________________
mailop mailing list
[email protected]
https://list.mailop.org/listinfo/mailop
