iTandCoffee is at 34 High Street Glen Iris 3146, Victoria Australia
Call 1300 885 420 or (03) 9886 0814
© 2012-2018 iTandCoffee Pty Ltd. All rights reserved ACN: 606 340 434
22/11/2015 0 Comments
In the past week, I have had two clients with issues arising from hacked Yahoo mail accounts.
These clients were probably caught out by a phishing email scam, and inadvertently given away their Yahoo email address and password.
As a result, many friends and contacts received a strange email from the hacked account - another 'phishing' email. This email had a link that (if clicked) would perhaps have led to the recipient also being hacked. (Here's hoping none of them fell into the trap.).
Both clients had secured their Yahoo accounts by changing their account password. In one case, the client had even set up something called two-step verification, to ensure that any attempts to access her account would result in a text message being sent to her mobile.
However, despite having ensured that the hackers no longer had access to the accounts, friends were contacting them days later saying that they were still getting fresh emails that were obviously suspect.
This, naturally, raised the concern that the hackers still had access to their mail accounts.
Did the hackers regain access to the Yahoo accounts?
In both of the cases, I checked out the emails that had appeared to come from the two clients.
Each had the relevant client's name in the 'from' field, and even had an email signature that had the client's name. So the messages look very much like they came from the client.
However, clicking on the name in the 'from' field showed that the email address behind that name was a nonsensical email address that was not, in fact, their Yahoo email address.
So, what had happened?
The hackers have your 'little black book'
Unfortunately, the hackers had obviously retained the list of contacts that were found in the hacked Yahoo accounts and had also retained the name of the person owning the hacked account.
With this information, they are then able to continue to generate emails that look like they come from their 'victim', targeting the email addresses found in the hacked account's contacts list.
Can these emails be stopped?
Unfortunately, there is not a lot you can do to stop someone using this information once it has been stolen.
The best thing to do is to warn friends and contacts whose details were stored in your Yahoo contacts that the hacking has occurred, and that they should be alert to any future strange emails that look like they have come from you.
What's on at iTandCoffee ?