Last month I was going through my emails when I spotted one addressed to me from myself!
I looked at it for a few moments racking my brains to recall why I had sent myself an email from my Yahoo account. What’s more I noticed that several other people had been copied in on the email. My suspicions were definitely aroused when I noticed a single link in the email contents.
Within about five minutes of seeing the emails I had two calls from people that had received the email, asking me why I had sent it to them.
Wikipedia defines email spoofing as follows:
‘Email spoofing is email activity in which the sender address and other parts of the email header are altered to appear as though the email originated from a different source. Because core SMTP doesn’t provide any authentication, it is easy to impersonate and forge emails.
Although there are legitimate uses, these techniques are also commonly used in spam and phishing emails to hide the origin of the email message.’
In short my Yahoo account had been ‘hijacked’ and people listed in my contacts were being targeted by villains to cause mischief and mayhem. Fortunately I use the Yahoo account mainly for test purposes and don’t really store contacts on the account – If I did the fall out could have been a lot worse.
Here’s some top tips on how to spot an email containing a virus/spyware threat:
1. If you do not recognise the sender (no good for spoofed emails) don’t open the email – delete it.
2. Be especially careful opening emails that could be legitimate. E.g. you are waiting for a parcel and get an email from Parcel Force or some other well known carrier.
3. An email that suggests that your password has expired and you need to click a link to reset it! Why would an organisation who process thousands if not millions of accounts, stop to ask ‘little old you’ to change your email password! Responsible departments like Government offices, banks, building societies etc would never contact you to ask you to log in and change or confirm account details.
4. If the email contains no ‘Subject’ treat with extreme caution.
5. If there is only a link in the message treat with extreme caution.
6. If you receive a combination of an email with no ‘subject’ simply containing a link from a ‘known sender’ treat with extreme caution.
Good Anti-virus products that contain plug-ins for email scanning are not fool proof but another layer of protection you should opt for.
Hacking of Web Mail Accounts
Regular readers of our newsletter may recall an article I did earlier this year about the problems users have experienced with online email accounts.
The fact that my Yahoo account has been ‘hacked’ brings up another serious point of consideration. How safe are accounts held in the ‘CLOUD’
Without wanting to scare monger, I did a quick web search for ‘hacking of Yahoo account’ on Google and found a surprising amount of disturbing information. Although I have not tried any of the suggestions it appears that hacking an account is simple.
I went onto the Yahoo website to see what could be done about my hacked account and found the following information:
‘If spam is being sent from your account, or data is inexplicably missing, it is likely that your account has been compromised. We urge you to complete the following steps immediately to protect your account:
1. Change your password immediately. This will prevent a third party from continuing to access your account. If your password no longer works, please visit our password reset wizard.
2. Verify that your account’s alternate email address has not been changed. If it has, correct it to match your records. This ensures that a third-party will be unable to access your new password.
3. Check your inbox and your Yahoo! Contacts list to ensure that data has not been deleted. If data is missing, there is a limited time frame in which it can be recovered. Please contact us immediately to request a restoration attempt.
Please visit our security centre to learn more about protecting your online security and your Yahoo! Mail account.’
For more help or information about Computing please visit my website at http://www.bryansdataprogramming.com/