Posted by Virus Bulletin on Jun 20, 2011
Login details would give spammers access to legitimate mail servers.
A phishing scam has been identified that targets users of Microsoft Outlook and tries to obtain SMTP login credentials.
Many internet users send email using their ISP's mail server which means that, upon setting up their email client, they need to enter the latter's SMTP server name, as well as a username and password. By restricting access to their mail servers to their customers, ISPs prevent these servers from becoming open relays, which would allow spammers to use them for sending mass emails.
While spammers have other means of sending spam, most notably by using botnets, email from legitimate mail servers has a significantly higher probability of making it to the recipient's inbox; hence their attempts to obtain login credentials are hardly surprising.
Users should treat any email asking for credentials as highly suspicious; in this case, entering their credentials would not only make it easier for spam to be sent, it would also make it likely for their ISP to block them from sending email altogether.
More at Sophos's Naked Security blog here.
Posted on 20 June 2011 by Virus Bulletin