In March of this year I had at least five friends / acquaintances have their Yahoo email accounts hacked. Once hacked their email accounts became spam generators, most of which were for “Breaking News” faux Fox News (there is a joke in there) report about a breakthrough in weight loss to be revealed by Dr. Oz. The spam email only contained a link but if you follow the link in the email cross-site scripting (XSS) methods are used to hack your account if you are using Yahoo and I would imagine install some kind of malware before done. I tried to educate people on passwords (length, complicated, special characters) but that got exhausting. Then I started to see reports on how bad this was and how Yahoo! is just ignoring the problem.
With Yahoo seemingly unwilling, or more likely, unable to help its customers, many users have been asking me for advice on what they can do to better protect their accounts. The situation isn’t helped by the apparent lack of any advanced security settings option within Yahoo Mail itself, but through a little digging around I have been able to come up with some suggestions.
I don’t use Yahoo Mail, but do have an account that I use for Flickr, which by the way I am one user that LOVES their new format, unlike many whiners. I’d bet I am in the minority since I also like each new Facebook update while most of my friends become whiny little kids. Back to Yahoo Mail, Wheatley details three steps to help protect your account. I was not aware that they offered two-step verification and agree with the author that it is a shame that they don’t make it more obvious. Click here to turn on two-step verification.
I use Gmail which I find to be the winner of the email systems for their spam control, rules, and ability to link to other accounts. All email to richiemadden.com, maskc.org, etc., I have filtered through Gmail and it handles the spam nicely. I use Thunderbird as my desktop client (a free alternative to Microsoft Outlook) which together keep my inbox tidy.
I have a “Block Yahoo Email” rule in place that has frustrated a few of my friends and clients. The rule: any email coming in from a Yahoo email account is deleted on receipt and the sender is sent a canned response explaining that I do not accept emails from Yahoo based email addresses. I have not been spammed by anyone I know since. If you have Gmail, you can find this “Canned Responses” extension to Gmail in Settings (the gear on the right), and click the Labs section.
Now knowing that Yahoo DOES have two-step authentication I modified this canned response. If a sender wants to continue using Yahoo to email me they must setup two-step authentication and promise me that they have done so. It’s a small step but one that should be taken, not only for yourself, but your friends and contacts as they are the ones effected by your/Yahoo’s lack of security.
Wheatley, Mike. (2013, May 16). How To Protect Your Yahoo Mail Against Hackers.
Wheatley, Mike. (2013, April 30th). Yahoo Mail Hacked Again – Serious Questions Raised About Its Ability to Protect Users.
Yahoo Spam image source:
Letter Eye Media. (2012, December 22). Time To Ditch Yahoo Mail ASAP