I couldn't find this in Network Security Hacks and it seems extremely elementary.
I've recently received two Nigerian 419 spams (from the same person), one from a webmail account test@[domain] and the other from demo@[other domain].
The account demo was disabled before I could try it but I managed to crack the sooper sekret password for test - it was test.
Lesson: when you install an O/S or something else that has names and passwords, you frequently get default logins with passwords that are easy to guess or well known among crackers.
Disable the logins if possible, and, in any case, change the passwords to something reasonable. (Unless you really want a guest account.)
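One way to check a Unix host for the lesson above, as an added example that is not part of the original post: it reads passwd(5) and shadow(5) style data and reports whether default-named accounts are still usable. The name list, the function names and the sample entries are assumptions constructed for illustration.

```python
# Added example: hypothetical helper names, constructed sample data.
DEFAULT_NAMES = {"test", "demo", "guest"}  # assumed list; extend per product
NOLOGIN_SHELLS = {"/usr/sbin/nologin", "/sbin/nologin", "/bin/false"}

# Constructed passwd(5) and shadow(5) samples; hash fields are placeholders.
SAMPLE_PASSWD = """\
test:x:1001:1001::/home/test:/bin/bash
demo:x:1002:1002::/home/demo:/bin/bash
guest:x:1003:1003::/home/guest:/usr/sbin/nologin
alice:x:1004:1004::/home/alice:/bin/bash
"""
SAMPLE_SHADOW = """\
test:$6$PLACEHOLDER:19000:0:99999:7:::
demo:!$6$PLACEHOLDER:19000:0:99999:7:::
guest::19000:0:99999:7:::
alice:$6$PLACEHOLDER:19000:0:99999:7:::
"""

def parse_colon_file(text):
    """Map login name -> list of fields for a colon-separated account file."""
    rows = {}
    for line in text.splitlines():
        if line.strip() and not line.startswith("#"):
            fields = line.strip().split(":")
            rows[fields[0]] = fields
    return rows

def password_state(shadow_fields):
    """Classify the shadow password field of one account."""
    if shadow_fields is None or len(shadow_fields) < 2:
        return "unknown"          # no shadow entry to inspect
    pw = shadow_fields[1]
    if pw == "":
        return "empty-password"   # no password required at all
    # A leading "!" or "*" means password login is disabled.
    return "locked" if pw.startswith(("!", "*")) else "enabled"

def audit_default_accounts(passwd_text, shadow_text, names=DEFAULT_NAMES):
    """Return (user, password_state, has_login_shell) for default-named accounts."""
    shadow = parse_colon_file(shadow_text)
    findings = []
    for user, fields in parse_colon_file(passwd_text).items():
        if user.lower() in names:
            shell = fields[6] if len(fields) > 6 else ""
            findings.append((user, password_state(shadow.get(user)), shell not in NOLOGIN_SHELLS))
    return findings

if __name__ == "__main__":
    for user, state, shell in audit_default_accounts(SAMPLE_PASSWD, SAMPLE_SHADOW):
        print(f"{user:8} password={state:15} login_shell={shell}")
```

Anything reported as `enabled` or `empty-password` is a candidate for disabling or a password change; a `locked` password does not by itself block other authentication methods such as SSH keys.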