For ten days in March, millions were caught in the same massive spam campaign.
Each email looked like it came from someone the recipient knew. The spammer took stolen email addresses and passwords, quietly logged into the victims' email accounts, scraped their recently sent emails and pushed out personalized emails to the recipients of those sent emails, each with a link to a fake site pushing a weight loss pill or a bitcoin scam.
The emails were so convincing that more than 100,000 people clicked through.
We know this because a security researcher found the server leaking the entire operation. The spammer had forgotten to set a password.
Security researcher Bob Diachenko found the leaking data and, with help from TechCrunch, analyzed the server. At the time of the discovery, the spammer’s rig was no longer running. It had done its job, and the spammer had likely moved on to another server — likely in an effort to
Original URL: http://feedproxy.google.com/~r/Techcrunch/~3/2Li40DMF3O4/