
Compromised Webmail Accounts 

Feb 25, 2009 06:27 PM

Recently we have had a resurgence of people complaining that their online email accounts have been compromised and are being used to send spam. The reports all say the same thing: a message has been sent to every recipient in the Webmail address book, but the user had nothing to do with sending it.

In these types of situations, it usually turns out that a user’s Webmail login credentials are stolen during a phishing attack. The attacker will then use the stolen credentials to change the user’s account settings in order to allow the Webmail account to automatically send out spam email. Also, the attacker will modify or add an email signature so that every future email sent by the user includes additional spam text that the user will be unaware of. In addition, auto-responding vacation notifications are often turned on so that an automatic reply—including spam—is sent to any new incoming email.

The added spam signature text usually contains an advertisement for watches, cameras, etc. Alternatively, the added text could include a link to the attacker’s phishing site in an attempt to trick the recipients of the user’s emails into giving away their credentials. Because the link is coming from a trusted user’s email address, some people may be more likely to believe the link is legitimate and has been sent to them for good reason. Unfortunately, this process will then be repeated for each person who falls for this tactic.

Here are some of the first lines of the spam text we have seen added to users’ emails:

•    We are wholesale company which can offer you laptops, digital cameras, videos, GPS, cell phone, mp4, game console and many other electron products.
•    Dear friend, We are one of the largest Chinese electronic wholesalers, which can provide the most effective, high quality products with competitive prices.
•    Dear friend: www.<removed>.com I am glad to meet you in this way, I hope the information will be helpful.
•    Hey, how are you doing recently…
•    Hunting for hidden Easter treasures is a beloved spring tradition.
•    Welcome Easter with a Personalized Easter Basket.


If you find that you have fallen victim to this type of attack, there are certain things you can do to help stop your account from being actively involved in the attack. Most importantly, change your password. This will prevent attackers from revisiting your account. Once the password has been changed, go through the settings associated with your email account and look out for suspicious entries in the features that add text to your outgoing emails, such as signatures or auto-replies. Anything an attacker can use to alter outgoing text in an email should be considered a target.
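The settings review described above can also be scripted against an exported copy of an account's settings. This is an added example, not part of the original post: the setting names (`signature`, `auto_reply_body`, `auto_reply_enabled`, `owner_set_auto_reply`) and the sample accounts are hypothetical and constructed, and the phrases come from the spam samples quoted earlier.

```python
import re

# Opening phrases from the spam samples quoted in the post (lowercased).
SPAM_PHRASES = ("we are wholesale company", "dear friend",
                "largest chinese electronic wholesalers",
                "personalized easter basket")
# Settings that add text to outgoing mail. Key names are hypothetical.
OUTBOUND_TEXT_FIELDS = ("signature", "auto_reply_body")
URL_RE = re.compile(r"(?:https?://|www\.)[^\s<>\"']+", re.IGNORECASE)

def _norm(url):
    # Compare links case-insensitively, ignoring trailing punctuation.
    return url.lower().rstrip("/.,")

def audit_settings(settings, known_links=()):
    """Return (field, reason) findings that the account owner should review."""
    allowed = {_norm(u) for u in known_links}
    findings = []
    for field in OUTBOUND_TEXT_FIELDS:
        text = settings.get(field) or ""
        for phrase in SPAM_PHRASES:
            if phrase in text.lower():
                findings.append((field, "spam phrase: " + phrase))
        # Any link the owner did not add could point at a phishing page.
        for url in URL_RE.findall(text):
            if _norm(url) not in allowed:
                findings.append((field, "unrecognised link: " + url))
    # An auto-reply the owner did not switch on is suspicious in itself.
    if settings.get("auto_reply_enabled") and not settings.get("owner_set_auto_reply"):
        findings.append(("auto_reply_enabled", "auto-reply turned on unexpectedly"))
    return findings

# Constructed samples: a tampered account and the same account after cleanup.
TAMPERED = {
    "signature": "Regards,\nAlex\nhttps://example.org/alex\n\nDear friend, We are "
                 "one of the largest Chinese electronic wholesalers. www.shop.example",
    "auto_reply_enabled": True,
    "owner_set_auto_reply": False,
    "auto_reply_body": "We are wholesale company which can offer you laptops.",
}
CLEAN = {"signature": "Regards,\nAlex\nhttps://example.org/alex",
         "auto_reply_enabled": False, "auto_reply_body": ""}

if __name__ == "__main__":
    for field, reason in audit_settings(TAMPERED, ["https://example.org/alex"]):
        print(field, "->", reason)
```

A finding is a prompt for the account owner to look at that setting, not proof of compromise; a greeting such as "Dear friend" can appear in legitimate text.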

As always, be vigilant and careful when using the Web. Remember: the only place that will legitimately request your login credentials will be the login form of the application they are designed to protect. In this case, only enter your login credentials when you are attempting to access your Webmail account directly.

Message Edited by Trevor Mack on 02-27-2009 04:21 AM
