Receiving Email from a Yahoo account warning

You may receive an Email from a friend [or someone in the family] who has a Yahoo account. [The Email address sent from may not be a Yahoo account but the person has one.]

In the Email, which may not have a subject, it will give you most likely a one line paragraph and to click on a link.

It may be something like:

“You can’t miss it! It’s my favorite one!”

The site above does not exist but is an example. Replace “Johnny” with the name of the person that sent it to you.

DON’T Click on the link in the Email.

Verify with the individual if they sent it. Do not reply to that Email directly.

I have received two of these the past couple of days. These are probably related to one of the two huge hacks on Yahoo over the past couple of years or so.



Yahoo recycling e-mail addresses

Aside from the news that Yahoo is now scanning you e-mail for keywords to be used for advertising, they are also involved in another issue.

Yahoo began to recycle old e-mail addresses that have been shut down for a year or more.

This has opened a new can of worms as some people who are using the recycled addresses are receiving personal messages that were intended for the original account holder. Some of the messages contain sensitive personal information such as data about other accounts, appointments, emailed receipts, and other personal information.

Yahoo claims that before reassigning the recycled addresses, they attempted to contact the account owners in several ways. Additionally they would unsubscribe the dormant accounts from alerts and newsletters. Additionally they notify merchants, ecommerce sites, financial institutions, social networks, email providers, and other others that the account no longer exists before reassigning the name.

Problem could occur if some illegal activity was associated with the old account such as child pornography or maybe the account is getting spam and the spammers’ domain doesn’t seem to care about blocking the messages or punishing the sender.

This is also a huge hole for possible identity theft. While most are smart enough to not give out sensitive information, others are.

For example if someone decided not to change their Facebook account login e-mail address but did ignore their Yahoo account, the new owner could theoretically reset the Facebook account and access the personal information because they have the e-mail address associated with the Facebook account.

If anything a dormant account longer that 2 or maybe 3 years would have been more logical.

Of course why on earth are they bothering? It is not like there is a shortage of e-mail address like IPv4 addresses.


Who’s reading your Emails?

In an oddly surprising move, Google admitted that they electronically read Emails to improve the ads sent to you as well as other various reasons including replacing real shopping search results with paid ads, to sharing your personal information with application developers.

In a class action lawsuite, google stated “a person has no legitimate expectation of privacy in information he voluntarily turns over to third parties.” [see here]

Various columnists on the Internet have stated that they are surprised or even outraged at Google stance including:

  • Consumer Watchdog recently said “If they [Google] take privacy seriously, then they must amend their brief and stop reading and analyzing the content of email we send to their system.”
  • Business Insider’s Ira Kalb says that “Google crossed the creepy line, and it owes everyone an apology.”
  • Molly Wood at CNET says that “Google is freaking scary, full stop.“

If you also remember that when Google were sending out those specialized cars with the cameras on top to capture street views [that also caused privacy issues in various countries], they were also snooping around and grabbing data from unprotected Wi-Fi networks as they did so and said nothing until it was revealed.

Former NSA and CIA Director Michael Hayden has alread mentioned that Gmail is the most widely preferred by terrorists – oddly since messages are read. [Wondering if they get advertisements for RPGs, AK-047, etc. 🙂 ]

Yahoo recently killed off the “classic” Mail site and are now forcing users to use the new mail site where users are subject to the electronic email reading like Gmail.

According to a new terms of service agreement, itt grants Yahoo the permission to “scan and analyze all incoming and outgoing communications content sent and received from your account.” Yahoo will collects and stores some data to “provide personally relevant product features and content, to match and serve targeted advertising and for spam and malware detection and abuse protection.”

Yahoo offers an opt-out option here. Oddly at the bottom, it gives some details of who you are. They got my age range right but show me as a female. 🙂

Google also has an application called the “Google Analytics Opt-Out Browser Add-on” here for the major web browsers.

Microsoft claims that they do not read messages electronically. Whether or not you believe them, that’s a different story.

Aside from the conspiracy theory nuts, that is.

[Update 2013/09/27:] A US federal judge in California has ruled that a lawsuit brought against Google for violating US wiretap law may move forward. The lawsuit alleges that Google violates the law when it scans email messages. Google maintains that it scans all emails that pass through its servers to check for spam as well as to create user profiles and provide targeted advertising. Google was seeking to have the lawsuit dismissed under a portion of the wiretap law that allows email providers to intercept messages if the action helps the message get delivered or is incidental to the efficient functioning of service. US District Judge Lucy Koh wrote in her decision, “the statutory scheme suggests that Congress did not intend to allow electronic communication service providers unlimited leeway to engage in any interception that would benefit their business models.”

Yahoo fails to break search deal with Microsoft

Since becoming Yahoo CEO, Marissa Mayer has tried and failed in attempts to end a 10-year search agreement between Yahoo and Microsoft that was started in 2010.

Mayer has been eyeing a potential deal with Google but contractual restraints due to the Yahoo’s deal with Microsoft may temporarily kills any deal for now. Yahoo and Google have agreed on an alternative search deal should the collaboration with Microsoft end.

Mayer is a former Google executive. I’m wondering if her closeness with some of the Google executives may make a future deal a bit lopsided [in Google’s favor]. In February, Mayer admitted that the 10-year agreement has not resulted in either the market share or revenue that Yahoo wanted to achieve.

The pact expires in 2020 but there is an option in 2015, where either company can back out of the deal or if the Bing engine is sold off. So Mayer has to wait probably up to 2.5 years to kill the pact. [I’m sure Microsoft won’t kill it.]

The previous Yahoo management made the deal. Mayer is stuck with it. Unsure if there is an option to exit the pact [aside from the 2015 date], but if they were smart [clearly not], there should of been a wait to break the deal if [for example] certain levels weren’t achieved or even just a generic buyout clause.

Meyer should face it – she has a huge uphill battle. Even switching to Google’s search engine won’t help. Yahoo has other problems with other Yahoo areas such as the account hacking and the number of spam that comes from Yahoo’s mail server. They should make it harder to send out spam such as restrict the number of BCC/CC/To addresses that can be sent out [at least initially].

Was Yahoo hacked?

Within the past couple of days, a bunch of people I know who have a Yahoo account have sent me garbage/spam/scam Emails.

But they weren’t from them.

Two Emails are from people I know with Yahoo accounts who are in Yahoo Groups with me. Others are friends of the family.

As of yet, I haven’t heard anything about a hack. But to get this many in a couple of days after none [from people I know] is a bit odd.

This doesn’t even include a spam message or two that creep by my provider’s spam filters that originate from Yahoo.

Seems scammers, phishers and spammers are turning to Yahoo because it seems Yahoo is too easy to send out their crap without getting shut down.

Or maybe the people at Yahoo are just incompetent.

[And this is just the few messages I get that do creep by my provider’s spam filers. I wonder how many get stopped.]

If you have a Yahoo account, change your password!

Come on, use tough passwords

Over the past week I have had three friends who have had their Email accounts hacked – two on Yahoo and one on Hotmail.

In all three times, no subject line but a link pointing to a web site – most likely pointing to a page that contains either some scam or some malware infested site.

If you see an Email with no subject line and just a link to a web site, then don’t click on the link. That said, to those who have Yahoo, Gmail, Hotmail as well as other free mail site –  CHANGE YOUR PASSWORD TO SOMETHING HARD.

Your password should be lengthy, containing upper and lower characters, numbers and special characters (think $, %, *, &, etc.).It should not contain any words that make up an actual words in any dictionary. For example LikeMike ain’t good.

Some suggestions including swapping characters in words such as “O” or “0”, “1” for “L”, “S” for “5”, etc. Others suggest taking (for example) the first or second letter of a sentence and use it for a password. For example for “What we got here is failure to communicate” use “Wwghiftc” (you can then do a letter to number substitution after).

When you use a weak password, not only do you end up with problems trying to clean up what was done but now all the people in your contacts may get spam messages even if you do get to change your password as they may keep your contacts’ addresses for future spamming.

You don’t have to have a different password for every web site if you have set a very difficult password. Although financial, government, primary Email and some specific sites should be unique.