- Internet & the Web
Yahoo Password Hacked? How to Avoid It and How to Remedy It
Early December of 2012 I received an email from “Yahoo” that said something to the effect of: Your account is reaching maximum capacity and needs to be verified. This did not seem unreasonable to me. I did have 8,000+ emails in my inbox, and my husband has been telling me for years that I am contributing to a clogged up system :). Somewhere in the back of my mind, I remembered that Yahoo didn’t have a limit on the amount of emails, but I decided to just be safe and verify my account anyway.
The photo below shows a similar message I received recently. The grammar is worse, but the message is the same. Notice it says that “Yahoo” is the sender.
When I clicked the link to verify my account I went to a page that was the same as Yahoo’s login page (see the photos below), typed in my email address and password and was directed to "Yahoo’s home page". I thought that was weird. There was no place to really verify anything.
Hacker's Home Page Compared to Yahoo's Home Page
Fake Email Sent Out in My Name
Little did I know that it was not Yahoo, but a hacker obtaining my password. I'm sorry about the size of the pictures, but if you look closely, you will be able to see that the "Hacker's Home Page" has a non-Yahoo web address (which I did not notice, unfortunately). Within 12 hours of "verifying my account" everyone on my contacts list received this message:
------- Original Message --------
Mon, 10 Dec 2012 06:09:17 -0800 (PST)
I really hope you get this fast. I could not inform anyone about our trip, because it was impromptu. we had to be in Manila, Philippines for a program. The program was successful, but our journey has turned sour. we misplaced our wallet and cell phone on our way back to the hotel we lodge in after we went for sightseeing. The wallet contained all the valuables we had. Now, our passport is in custody of the hotel management pending when we make payment.
I am sorry if i am inconveniencing you, but i have only very few people to run to now. i will be indeed very grateful if i can get a loan of $2,000 Usd from you. this will enable me sort our hotel bills and get my sorry self back home. I will really appreciate whatever you can afford in assisting me with. I promise to refund it in full as soon as I return. let me know if you can be of any assistance. Please, let me know soonest. Thanks so much..
I am thankful that I have great friends. Within minutes of this email being sent. I received a dozen texts, 2 phone calls, and multiple messages on facebook. I am so thankful my hacker had bad grammar :). However, many friends, especially ones who are not native English speakers, were worried about me and asked how they could help. Others replied to the email to let me know that I had been hacked. That leads me to the second level of my hacker’s efforts…
More Spam Sent in My Name, Contact List and Emails Deleted
The hacker created a Hotmail email account in my name, and forwarded all of my Yahoo emails to it. Then he began to spam these friends. My friends received email messages with links in them. To my knowledge no one clicked on the links, but we are guessing that viruses were attached.
Also, he deleted all of my Yahoo contacts. This prevented me from sending out an apology email, and has caused some annoying inconveniences. And he deleted my emails from the previous year. What a pain.
What To Do If Your Email Account Has Been Hacked
- Change your password immediately. I changed the passwords of my other on-line accounts also, but maybe that was just paranoia.
- Alert your contacts by whatever means you have available. I sent out a facebook message and texted those who aren’t on facebook to let them know about the spam email. I still missed many people.
- Check your email settings to make sure they are still yours. Every email provider is different, but Yahoo! has a “tools” button just to the right of your name at the top of the page. Under “tools” choose “mail options” and then “mail accounts”. The screen will look like the photo below. My hacker had typed in a newly-created Hotmail address so that my emails would be forwarded to him.
- Yahoo! suggests also checking your alternate email settings. These can be accessed by clicking on the purple “!” toward the top right of the screen, choose “Account Info”, and then make sure that the primary and secondary email addresses are the ones you want. My settings on this page had not been changed.
Restoring Deleted Contacts and Emails
If your email contacts or your messages were deleted, there is a form you can fill out and Yahoo! will attempt to restore them.
This link will take you to more information about that. Your messages had to be deleted within the past 48 hours and your contacts within the past 10 days. Unfortunately, I did not find this information until I started writing this hub. But hopefully it will help someone else!
Reporting Abusive Email Account
If someone has set up a false account in your name, good luck with changing it. I have scoured Hotmail/Microsoft FAQs and have written multiple questions on their 24 hour virtual agent trying to find a way to report and shut down the fake email address. It has proven useless.
I hope you don’t get hacked. And if you are a hacker, I hope you change your childish ways :)