Hackers target Yahoo users in Singapore: SingCert

Yahoo users in Singapore have been warned about spam e-mail that could leave them vulnerable to attacks by hackers.

A government information watchdog has advised them not to click on the links in these messages - even those that are supposedly sent by friends.

The warning was issued last Friday in a bulletin on the website of the Singapore Computer Emergency Response Team (SingCert).

It said that there have been reports of spam e-mail from Yahoo accounts containing links to sites selling "work-from-home" schemes and packages.

If users click on them, they could allow hackers to infect their computers with viruses and hijack their e-mail accounts in order to flood their contacts with spam.

"Users are advised not to click on such links and should not enter in any personal particulars to these websites if prompted," read the warning.

The watchdog, a unit of technology regulator Infocomm Development Authority (IDA), said Singapore users' e-mail accounts appeared to have been hacked into, but did not explain how this happened. It also said the local attack resembled a global one that apparently started last month.

This involved hackers exploiting a loophole on a Yahoo webpage and infecting millions of e-mail accounts, according to several press reports.

In Singapore, many users have posted complaints on chatroom sites such as HardwareZone and even MyCarForum following what appears to have been widespread hacking that began last Thursday.

SingCert has warned people with Yahoo e-mail addresses to change their passwords and use different ones for different online accounts.

It was the watchdog's first alert about spam from Web-based e-mail accounts in three years. Typically, its warnings - which come once or twice a month - are about vulnerabilities to potential hacking in Web browsers and operating systems.

Security expert Assurity Trusted Solutions, a subsidiary of the IDA, also advised all Web users to activate the "two-step verification" process offered by some service providers such as Gmail and Facebook.

This technique uses a one-time password, good for only one log-in, to provide an added layer of online security.

Yahoo offers two-step verification, but only in certain markets including the United States and Indonesia. Singapore users do not have the added layer of security.

The company's Singapore spokesman said: "We take security very seriously and invest heavily in measures to protect our users and their data, and work diligently to fix any vulnerabilities that are found."

itham@sph.com.sg

Register here to get free digital access to The Straits Times until Aug 9, 2015.
Comments