Fighting Phishers in Light of Gmail, Yahoo, Hotmail Password Leaks
"Apart from accessing the user's Webmail accounts, e-mail addresses are commonly used to log into social networking sites,” Wood said. “So with a successful phishing attack, the bad guys not only gain access to an individual's e-mail account, but also a variety of other sites that may be linked to that account. People should be advised not to share the same password for these sites and should change their passwords at least every 90 days."