Phishing scams seem to have spiked in recent weeks on email systems like Hotmail and Gmail, according to the BBC. Lists of thousands of usernames and passwords from Hotmail, Gmail and other services have been surfacing here and there around the Internet. This comes after a report in August from IBM that said that phishing scams were actually on the decline.
Just in case you didn't know, a phishing attack is an attempt to gain access to your password by directing you to a fake website that looks like a site you trust, where you have to input your credentials to get access. A phisher might build a clone of MySpace, for instance, and then send you a message telling you to go look at some embarrassing photos someone has posted of you there. Once you log in to the fake MySpace with your real credentials, they have you. And the next thing you know, all your friends are pissed off at you for spamming them.
While phishing scams are sometimes terrible and often annoying, these databases of usernames and passwords offer a peek into how careless some people are with their login credentials. There really isn't any good reason for this, since there are tons of resources for learning how to make your login information more secure. Then again, the most secure password in the world isn't helpful if you happen to give it away in a phishing scam.
Analysis of the Hotmail/Gmail user data reveals that the most common password is 123456, which reminded me of a report from a few months back that broke out the most frequently used passwords on other networks.
Singles.com seems to have the most religiously themed passwords (blessed, jesus, and christ), while MySpace has the most profane yet affectionate, with variations on 'I love you' appearing 4 times in the top ten most used passwords and 'fuckyou1' ranking at number 6.