I'm run a one-man computer tech business. I've been seeing a disturbing trend the last several months with Yahoo email accounts getting hijacked and sending out spam and worse. I"m getting either calls (or spam mail from their hijacked accounts) from at least 3 or 4 of my clients or friends every week now. I'm spending a lot of time helping reset passwords as a result - (BTW - ATT DSL clients have many hoops and different websites to run through to change their email password).
I've seen at least the following situations.
1. Guessing passwords - It appears to me that many of these hijacks are from some kind of password guessing hack as there don't appear to be any other ways to have gotten the email password - no viruses or malware found to be stealing passwords.
2. Phishing email messages - I've seen a few that have been tricked into disclosing their email passwords from clicking on links within bogus phishing email messages declaring that their account needs to be validated or some similar nonsense.
I've also seen a variety of 'impacts' with most just sending out spam messages to everyone in the contact list until the password gets changes. But I've seen at least twice where the spammers have added an alternate email address to the user's yahoo account and then setup forwarding of messages to that alternate email address. That results in the spammers receiving all of the emails the user would have received (with the user getting none) and the spammers getting a list of real addresses and potentially other private information. It also would hide any attempts at hacking into other online services (facebook, amazon, etc...) and resetting passwords or other nasty stuff.
If I'm seeing 3 or 4 a week in my little one-man business this must be epidemic around the world with thousands of accounts getting hijacked every day.
My questions are does Yahoo know about how bad this is getting - are they doing anything about it - do they care? I'm hoping that someone has the ability to ask Yahoo these questions since attempts I've made to contact them as an individual go unanswered.