Up for sale: US military email addresses with geolocation

Cybercriminals have increased the security risks to United States government and military personnel by selling their email addresses, complete with their location.

 

An entry on the Webroot blog site said this may be the latest innovation to allow cybercriminals better targeting in their upcoming spam campaigns.

 

"What’s particularly interesting about this service ... is that it offers segmented databases of harvested emails based on a particular country, or multiple gTLDs for better campaign targeting in upcoming spam campaigns, and targeted attacks," it said.

 

Screenshots of the inventory of harvested emails currently offered for sale indicate the lists are divided by country.

 

But Webroot also noted the segmented databases could be used for launching targeted attacks against a particular country.

 

Combined with localization or translating the spam message into the native language of the prospective recipient and event-based social engineering attacks, this could also increase the probability of successful interaction with the malicious emails, it added.

 

"In respect to targeted malware attacks, the service is currently offering 2.462.935 U.S government email addresses, and another 2.178.000 U.S military email addresses," it noted.

 

Webroot said cybercriminals often collect these through active data mining of malware-infected hosts, or through direct web crawling using commercial and private email harvesting tools.

 

"U.S government and U.S military users whose emails have been exposed are advised to be extra vigilant for potential targeted malware attacks enticing them into downloading and executing a malicious attachment, or attempting to trick them into clicking on a client-side exploits serving link found in the emails," it said.

 

Earlier this month, the US Army warned its personnel against the risks of social geotagging to their security.

 

It noted that with more smartphones and online services automatically indicating the location of their owners or subscribers, soldiers could be giving away their whereabouts to enemies.

 

"Someone with the right software and the wrong motivation could download the photo and extract the coordinates from the metadata," it said.— TJD, GMA News