October 12th, 2009
The following is an important message from Mark Risher, Spam Czar for Yahoo! Mail, worldwide:
Keeping you safe while you’re online is a top priority for us here at Yahoo!. One important part of your online safety is making sure that nobody else can access your Yahoo! Mail account without your permission, and the best way to do that is to make sure you choose a good password and make sure nobody else knows it or can easily guess it.
I know it can feel like a pain typing out a more detailed password, but none of us want to make it any easier for the bad guys.
My top advice is to be mindful of any Web page that requests your Yahoo! password. The #1 way people get their passwords stolen is by typing them into lookalike “phishing” web sites, pages that pretend to be Yahoo! or another trusted Web site but actually are run by the bad guys. Scrutinize carefully any page that requests your Yahoo! password. In addition:
- Make sure the Web page address doesn’t have any misspellings or extra words (e.g. http://www.yah000.com, http://www.yahoo-members.com, or http://www.yahoo.BadGuyEnterprises.com) in it. When in doubt, go straight to http://www.yahoo.com.au and log in from there.
- Be vigilant about anything that doesn’t look right on the page, such as typos, outdated content, or broken or missing pictures.
- Best idea: be sure to set up a customized “Sign-In seal” picture — instructions are located here — and never enter your password unless you see that picture on the page.
Here are a few more tips to help keep you safe online:
- Don’t use the same password on multiple sites. Your Yahoo! Mail account is important to you, so it deserves its own password. That way, if the unthinkable happens on another site, at least your Yahoo! mailbox remains secure.
- Never send your password over email. Yahoo! will never request your password from you in an e-mail; if you ever receive such a request, you should treat it as fraud. Do not pass “Go!” Instead immediately click the “Spam” button on that message.
- Protect yourself with a virus scanner. Another way passwords get stolen is from a virus that records your keystrokes. Don’t give the bad guys that option: There are a number of anti-virus companies that offer free versions or trial offers, including (in no particular order and with no specific endorsement implied) http://security.symantec.com, http://usa.kaspersky.com/downloads/free-virus-scanner.php, http://us.mcafee.com/root/downloads.asp?id=freeTrials, and http://www.avast.com/eng/avast_4_home.html.
Unfortunately there is no silver bullet against these criminals and con-men, but hopefully these tips will help us all keep the bad guys at bay.
Mark Risher – Spam Czar, Yahoo! Mail
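The address check described in the message above (misspellings, extra words, and a trusted name used as a subdomain of another site) can also be done mechanically. The following is an added example, not code from Yahoo! or from the original post; the trusted-domain list, the brand string and the digit-swap table are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Assumption: the domains the user really signs in to.
TRUSTED_DOMAINS = {"yahoo.com", "yahoo.com.au"}
BRAND = "yahoo"
# Constructed table of digit-for-letter swaps seen in misspelled addresses.
DIGIT_SWAPS = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s"})


def classify(url):
    """Return 'trusted', 'lookalike', 'unrelated' or 'invalid' for a URL."""
    host = (urlsplit(url).hostname or "").rstrip(".")
    if not host:
        return "invalid"
    # A host is trusted only if it IS a trusted domain or ends with
    # "." + trusted domain. The right-hand end of the name decides who
    # controls it, so "yahoo" appearing further left proves nothing.
    for domain in TRUSTED_DOMAINS:
        if host == domain or host.endswith("." + domain):
            return "trusted"
    # Not trusted: flag it if the brand shows up anywhere in the name once
    # digit swaps are undone (misspelling, extra word, or subdomain trick).
    if BRAND in host.translate(DIGIT_SWAPS):
        return "lookalike"
    return "unrelated"


if __name__ == "__main__":
    # The first three addresses are the examples given in the message.
    for sample in (
        "http://www.yah000.com",
        "http://www.yahoo-members.com",
        "http://www.yahoo.BadGuyEnterprises.com",
        "http://www.yahoo.com.au",
    ):
        print(f"{classify(sample):10} {sample}")
```

The check reads the host name from the right, which is why the third address fails even though it contains the exact text "www.yahoo."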
October 7th, 2009
In light of recent media reports regarding email accounts from various providers and their passwords being posted online, please read the following from Yahoo! Mail’s Program Manager, Andrew:
You may have heard or read about email accounts and their passwords being posted online. While I’ve read different versions of how the person(s) responsible was able to get the email account information, it was not a result of any insecurity at Yahoo! It looks to be a result of phishing attacks. Should you feel that one of your email accounts was affected by the recent publication, whether it is a Yahoo!, Hotmail or Gmail account, I would suggest changing your password as well as other account security information like secret questions and alternate email addresses.
We are aware that a limited number of Yahoo! IDs have been made public; it’s uncertain if any of those email/password combinations have resulted in any accounts being compromised. Online scams and phishing attacks are an ongoing and industry-wide issue and Yahoo! takes great effort to protect our users’ security.
We also have the following online resources that provide information and guidelines on email safety:
Our anti-spam site: http://au.antispam.yahoo.com/
With a phishing prevention sub-section: http://au.antispam.yahoo.com/phishing/
Our help pages: http://help.yahoo.com/l/au/yahoo7/mail/yahoomail/abuse/
And of course, I’ve posted a number of articles about online safety to this blog: Spotting phishing emails, how to spot online scams, avoiding the lottery scams, and account recovery help
Here are a couple FAQs that provide additional information:
Have accounts been compromised because of this?
We are unable to confirm whether accounts have been compromised at this time. However, we strongly suggest that consumers take caution in securing their email and other online accounts by regularly changing their passwords, and updating account security information.
What do I do if I think my account has been compromised?
You should change your password immediately. Also, if you are unable to enter your account, you can take steps to recover it here: https://edit.yahoo.com/forgotroot
We take online security seriously at Yahoo! We strive to make you and your Yahoo! account as safe as possible. Of course if you have any questions or issues with your account, please contact our Customer Care team.
Please rest assured that Yahoo!7 will never email you asking for your password. If you receive such an email that looks like it’s from us, please be sure to pass it on via this form.
The following blog posts, that we have previously written on different security issues, may also be of interest to you:
Email safely,
Kate – Yahoo!7 Mail Team
July 29th, 2009
Scam emails are something we should all now be well aware of. Andrew, from the Yahoo! Mail Team, brings us the following timely reminder:
You’ve all probably seen some sort of scam email, and by now you probably think you’ll never be fooled by one. But from time to time, I get one that I think is particularly cunning. And it reminds me that it’s never a bad thing to have a little refresher course on how to avoid being the victim of phishing scams. I received this email over the weekend, and thought I’d share it with you as a particularly good example of a phishing email.

Phishing, for those of you unfamiliar with the term, is the act of trying to trick you into revealing your account and login information via a fake email or fake Website. The one pictured above is a prime example of a phishing email, which uses a scare tactic to try to solicit you to send your account details and password. Here I’m being asked for the password for my Yahoo! account, and the email threatens that I could lose my account if I don’t send my info. It could just as easily have been my banking information.
The most important thing you need to know is that we will never ask you for your password. NEVER!! And we would certainly never ask you to give us any of your account information unsolicited. Banking sites, like Yahoo!, are the same and you will never be asked for your account details in an email.
So if you receive an email like the one above, don’t fall for it. Just delete it, or better yet, report it using this form.
So there you have it, Yahoo!7 will never email you asking for your password!
If you receive such an email that looks like it’s from us, please be sure to pass it on via this form.
The following blog posts may also be of interest to you:
Email safely,
Kate – Yahoo!7 Mail Team