Scammers who stole email users' passwords and published them online are using the information to perpetrate further frauds, Sky News has learned.
Earlier this week Microsoft admitted Hotmail users had been tricked into revealing their passwords, 10,000 of which had been published online. Those responsible have been using the stolen information to send out personalised spam emails, according to Websense Security Labs.
The spam is being sent from users' accounts to contacts in their address books, so recipients will think it came from one of their friends. While the new spam is not malicious in itself, it does point the contact in the direction of something that is — a "shopping" website.
The trick is, the shopping site is not a real one.
The scam persuades victims to order goods online by credit card, leaving them vulnerable to identity theft and fraud.
Patrick Runald, Security Research Manager at Websense, told Sky News Online: "Scams are happening every day on the internet and most of them stay under the radar but what's unusual about this is that it's entered the public domain.
"With this one, we found five or so electronic online sites were set up over the past two months.
"The sites look legitimate so the average buyer would see nothing wrong in putting in their personal details, including their credit card details — and that's all the scammers need."
Mr Runald advises email users to take the following precautions to avoid being caught out:
:: Change your password immediately. It's strange but true that most people have kept the same password since they first logged on to Hotmail or other email providers up to 10 years ago. My advice would be to change it immediately and every six months after that.
:: If you're going to buy online, use a credit card rather than a debit card. It appears to be easier to get items off your bill than get money reinstated on your bank account.
:: If you get a suspect email, don't open the URL address without checking it out with the friend who apparently sent it — better still, don't open it at all.
:: Use only reputable online shops that you know are safe and do your online shopping with them.
:: Don't use the same password on all your website addresses — such as Facebook, Hotmail and others. Your personal details are more protected if you have different ones.