If your Yahoo email account is sending spam
The past week or two, I've seen a new wave of spam from email accounts on Yahoo. They tend to have blank subject lines and only a link and possibly a snippet of text in the body of the message.
Yahoo! has a couple of helpful articles on accounts sending spam. Changing your password is an important step, but it may not be sufficient to fix the problem, so you should look at every Yahoo account setting they tell you to examine. Among other things, you need to check any linked accounts to make sure all of them belong to you, check the alternate address (how Yahoo! contacts you, e.g. for sending a password reset) to be sure it belongs to you, make sure no one has hijacked your Yahoo vacation response, and review contacts and linked apps for suspicious entries.
What to do if your account is sending spam
What to do if your account continues to send spam
It's important to know whether someone has been sending messages directly from your account, rather than impersonating your account. (Different problems require different fixes.) You can look at your recent login history to find out the IP addresses from which someone connected to your account, when the login occurred, and the approximate location corresponding to each IP address. If someone logged into your account from Elbonia when you know you were asleep in bed, you know your account has been compromised.
(Note to Yahoo: You need to make Recent Login History easier to find. It's mentioned on this page, but the instructions for navigating to the Recent Login History page are incorrect.)
Have you had problems with your email account sending mail without your knowledge? How did you fix the problem? Let us know in the comments below.
MORE: Here's a technical explanation of the Yahoo spam hack. It appears that Yahoo has yet to plug the hole. The articles offer this advice:
Users with a Yahoo account should make a point not to click on any suspicious links they receive by email or from anywhere else. In fact, that goes for all users; don't click on random links, even if you get them from a friend. If you think your account was compromised, also change your password on any related accounts, especially if you use the same one elsewhere.
0 TrackBacks
Listed below are links to blogs that reference this entry: If your Yahoo email account is sending spam.
TrackBack URL for this entry: https://www.batesline.com/cgi-bin/mt/mt-tb.cgi/6710
This happened to an old friend just the other day. She sent out a follow-up email with the subject: "Don't open the last email from me." It happened to my sister-in-law right before Christmas, in an old Gmail account that she never uses. And it happened to me about a year ago.
I think that all you have to do to fix the problem is change your password. I have no idea how the spammers find your password.
When my Yahoo account was hacked, I immediately changed my password. About a week later I got a notice from Yahoo that my account was "compromised" and that I should change my password at once! Already done, but they made me change the password AGAIN anyway before I could continue.
The most creative use of this scam that I have seen came in an email from someone I've never met but who I used to correspond with online - several years earlier. Her email said that she was in London, but her wallet and passport had been stolen. Could I wire her some money? She would pay me back when she got home.
Right!
Here goes my stab at the world's hardest Captchas:
Thanks for sharing your experience, Graychin.
If the spammers have changed the alternate address for your account -- the account that gets the email if you request a password reset -- to an address they control, they may be able to get back in after you've changed the password and then lock you out. It's also possible to authorize (purposefully or inadvertently) other web applications to access your Yahoo account, so it's important to check the list of authorized apps to be sure there's nothing out of the ordinary there.
That's all excellent advice. I did check my alternate address at Yahoo (the compromised account) but it was still just the right one.
I avoid giving sites cross-references to other sites as much as I can. When I finish with something, I log out of it. I closed my seldom-used Facebook account a while back because it was just too creepy and intrusive for my taste. Just about every darn site you visit wants you to hook up with them through Facebook. Can't be safe. It just can't.
Thank you especially for that link that shows recent login history at Yahoo. I've had a Yahoo email account for over ten years, but I never knew about that before.
When I looked at my history I saw a login from WA USA. That was the time I logged in with Yahoo's email app from my iPhone. I deleted that app, but that's a big flaw in the history listing. How do you know if it was you that logged in from WA USA - or someone else with that app?
Diving into the Captcha fog...
Oops! Trial #2...
My Yahoo account was hijacked, and the recent activity log said someone from Romania had logged in. Amusingly, Yahoo highlighted this with a warning symbol - it's a pity they didn't choose to tell me at the time, all I needed to do was change my password.
I've never been too impressed with Yahoo, even less so now.
Thank you for the links and great article information. Appears Yahoo is having similar but different issues.
I have a Yahoo account that I have used primarily for my Pinterest correspondence and was going to move everything over to when I relocate in a few weeks (and will no longer have access to my regularly used account). I also recently used the Yahoo account for correspondence with a potential employer in the city where I will be relocating. I have not linked this account with Facebook, a phone, or any applications.
I was recently notified that on March 8th the law office I corresponded with regarding employment received an email from my Yahoo email address containing a malicious link. UGH!! The email does not appear in my Yahoo sent folder. Thing is, until this morning I haven't opened any emails for the Yahoo account since Feb 26 (they have all just been Pinterest notifications). I know for a fact I have not clicked on any links on the computer at all. I also don't have a contact list set up for a virus to automatically pull the email addresses from - I typed out the addresses every time. I just checked if a contact list was set up automatically and it was not - still do not have a contact list at all. Lastly, I am currently located in NC and my Yahoo Account page still confirms NC. When I click on the Yahoo Recent Login Activity page to see if other locations or different IP addresses are listed, it reflects NC and one IP address up until the same date of March 8, when it switches to IL with a different IP address. The dates and times looked familiar though, so I've just logged out and back in several times (even clearing the cache just in case) and it is reflecting my login activity as if I am located in IL. Weird! As recommended, I've changed my password and don't see an alternate email account listed at all (which it should not) to alert anyone else of the password change. If someone hacked my password (which was completely unique to this Yahoo account) once, wouldn't they be able to somehow hack it again?
I know several other people with Yahoo accounts that have had similar emails being sent from their accounts on different days but all within THIS PAST WEEK and they have just assumed they accidentally clicked on something and a virus took over, but I KNOW I have not clicked any links. And these other things make it seem like the "virus" or "compromise" has happened at Yahoo's end? What else can we do if this is in fact a compromise at Yahoo?
Or is there something else that I am missing? What are your thoughts?
It look to me, as an IT consultant, that every Yahoo email account in existence has been hacked in the last 6 months. This is an ongoing security issue at Yahoo, who stand to lose many customers. Perhaps Microsoft can offer Yahoo their extensive experience in patching up the holes in bad software?
I just had my Yahoo email send out a spam email to all the contacts in my address book. I don't have many contacts in there, but the ones that I do are important. When I tried to log in today, Yahoo made me confirm who I am (?) before letting me in and forced a password change. All very well, except that I didn't know why except that 'they had detected suspicious activity on my account'.
I got a forward from a trusted friend who let me know that my email had sent out a spam email. When I checked my 'sent' items, I found that the mail had been sent from my account. I then checked login activity and found an unknown login location in the US - some place I haven't been.
I've changed my password now and checked the settings but I'm feeling a bit un-nerved. I hate the thought of my email spamming others and worse - the email address being compromised.
Incidentally, the switch to the 'new' Yahoo happened about a week ago and I wonder if this spamming is a direct result? I certainly preferred the old interface. It appeared more secure.