Technology: January 2013 Archives
The past week or two, I've seen a new wave of spam from email accounts on Yahoo. They tend to have blank subject lines and only a link and possibly a snippet of text in the body of the message.
Yahoo! has a couple of helpful articles on accounts sending spam. Changing your password is an important step, but it may not be sufficient to fix the problem, so you should look at every Yahoo account setting they tell you to examine. Among other things, you need to check any linked accounts to make sure all of them belong to you, check the alternate address (how Yahoo! contacts you, e.g. for sending a password reset) to be sure it belongs to you, make sure no one has hijacked your Yahoo vacation response, and review contacts and linked apps for suspicious entries.
What to do if your account is sending spam
What to do if your account continues to send spam
It's important to know whether someone has been sending messages directly from your account, rather than impersonating your account. (Different problems require different fixes.) You can look at your recent login history to find out the IP addresses from which someone connected to your account, when the login occurred, and the approximate location corresponding to each IP address. If someone logged into your account from Elbonia when you know you were asleep in bed, you know your account has been compromised.
(Note to Yahoo: You need to make Recent Login History easier to find. It's mentioned on this page, but the instructions for navigating to the Recent Login History page are incorrect.)
Have you had problems with your email account sending mail without your knowledge? How did you fix the problem? Let us know in the comments below.
MORE: Here's a technical explanation of the Yahoo spam hack. It appears that Yahoo has yet to plug the hole. The articles offer this advice:
Users with a Yahoo account should make a point not to click on any suspicious links they receive by email or from anywhere else. In fact, that goes for all users; don't click on random links, even if you get them from a friend. If you think your account was compromised, also change your password on any related accounts, especially if you use the same one elsewhere.