PC Mag recently published an infographic that visualizes a study by Commtouch about “The State of Hacked Accounts.” Commtouch collected data from email users who have had their email accounts hacked to draw conclusions about email security and the motives of email hackers.


The study found that two-thirds of hacked email accounts are used to send spam or scams to email addresses listed in the account’s address book, full of family and friends. Many of these messages are focused on obtaining money from the recipients. They utilize angles such as “stuck in a foreign country, please send money,” and recipients see that someone close to them is asking for financial help.

Traditionally, email spam has been focused on marketing (generally unwanted) products through huge email blasts. Email and security providers quickly caught on, however, and now automatic spam folders work their magic on a regular basis and botnets can now be taken down instantly.  What does this mean for spam?

A Changing Landscape:

The spam landscape has changed. Hackers have realized that, with the onset of spam filters and the decline of botnets, they have to switch tactics. They have been finding success in compromising existing email accounts for spam and scams because (1) these accounts exist within whitelisted IP address ranges like Hotmail, Yahoo and Gmail, thus bypassing spam filters and (2) recipients are more likely to open emails from a familiar addresses than unknown senders, and are therefore more likely to follow through in providing personal information.

 eWeek’s Fahmida Rashid wrote an article describing the modern inner workings of the hacker community: “Hackers are often perceived as isolated, alienated individuals, working alone or in small groups. In reality, hackers are quite social, frequenting online forums and chat rooms to brag about their exploits, exchange tips and share knowledge, according to a recent analysis of hacker activity.”

The Future:

So what does this mean? We can likely expect an increase of such personalized scams, in email as well as social media outlets. To combat these intelligent, organized and widespread hacker communities, we have to do our best to predict next moves and be a step ahead. Then again, that’s why the U.S. government is hiring hackers left and right, but that’s for another blog post.

In the meantime, be smart. See the prevention tips in at the bottom of the infographic, and check out identity protection tips from our consumer identity theft expert, John Sileo, in earlier blog posts.