A Hotmail user logged into their account this week to find that scammers had deleted all their e-mails except for one, which was from a hacker demanding cash in exchange for restoring the lost information, according to Websense.
Websense said this scam is a variant of ransomware, which is a malicious program that encrypts documents on the victim's computer and asks for a payment in order to decrypt the files. Had this been the owner or an employee of a small business, the company's intellectual property (IP) would have been at risk.
Joel Camissar, country manager at Websense ANZ, said that the Hotmail account of the victim is thought to have been hacked after they used a spyware-infected computer in a Spanish Internet cafe. The hackers had deleted everything from their inbox, outbox and removed all their contacts.
Camissar warned that the same thing could easily happen in Australia to somebody accessing their corporate Webmail account, which would most likely have serious consequences.
"Somebody could have used the Internet café to access their Outlook Web access account -- their password would then be compromised because the password for that account would be the same as their regular work access.
"The intellectual property could be very valuable. Imagine if it's the director of a company and they have [e-mails containing] confidential schematics or financial results," said Camissar.
Earlier this year, antivirus firms warned that criminals were increasingly using ransomware and warned that small businesses were most at risk.
David Emm, senior technology consultant at Kaspersky UK, said: "Within a corporation, the IT department normally backs up files. The danger is where attacks are launched at smaller businesses (without IT departments) and individuals".
Anyone using Hotmail as their primary business email account, and storing business critical information in his or her Hotmail account, is extremely foolish to start with. That the mail hijackers have any potential victims at all defies belief!