> I don't think the accounts were hijacked: the headers showed that the
> messages the OP posted were not sent from the domain hosting the mail
> accounts. It looked to me as if somebody has sold on lists of valid
> hotmail etc. accounts.
>
> I smell an inside job, or at least some careful preparation, because the
> OP reckons that these accounts (forged as sender) were paired with valid
> accounts he hosts that would be used by the owner of the forged account.
> The messages I saw took the form:

We got one owner of the hijacked accounts to admit he got an e-mail that basically said "Hi we are trying to get rid of dead accounts so please click here to verify your information". The site then very nicely asked for his username/password, which he gave, and then voilà, no more access to his account. The message was then sent to every address in his address book (which is why many of my users got the same message). Sadly, we have had this happen a couple of times with hotmail and yahoo addresses. What can I say, some of our clients aren't exactly the most tech savvy.

--Dennis