US data protection solutions provider Proofpoint believes it has uncovered the first proven Internet of Things (IoT)-based phishing and SPAM email attack.

The global campaign involved more than 750,000 emails coming from over 100,000 everyday smart gadgets such as televisions, home-networking routers, multi-media centres and at least one refrigerator that was being used as a platform to launch emails.

The cyberattack, which Proofpoint detected between late December 2013 and early January 2014, targeted companies and individuals worldwide with malicious email messages.

Proofpoint says that just as PCs can be compromised to form robot-like ‘botnets’ that can be used to launch large-scale cyberattacks, cyber criminals are using smart appliances and other components of the IoT to transform them into ‘thingbots’ to carry out the same type of activity.

David Knight, general manager of Proofpoint’s Information Security division, said: “Botnets are already a major security concern and the emergence of thingbots may make the situation much worse.

“Many of these smart home appliances are poorly protected at best and consumers have virtually no way to detect or fix infections when they do occur.”

IoT includes every device that is connected to the internet, from home automation products including smart thermostats and meters, to security cameras, refrigerators, microwaves, home entertainment devices.

Market intelligence company IDC predicts that more than 200 billion things will be connected via the Internet by 2020, four times the number of connected computers.