Yahoo email server hacked worldwide? Or is it just me?!
agarnett
Posts: 1,301 Forumite
I use Windows Live Mail as my email client for the multiple email addresses I need to use for different purposes. Windows Live Mail is part of Microsoft Windows Essentials. It started life as Outlook Express and in Windows 10 there is yet another free email client built in which I haven't dared use yet!
Generally speaking Windows Live Mail works ok, but of course the regular "Contacts" that build up somewhere deep inside Windows Essentials are not specific to just one of my email accounts - they are a collection of all my contacts. Some I add manually myself, and some seem to be automatically added to the Contact list when I have used them more than a few times.
The heading of this thread is "Yahoo email server hacked worldwide? Or is it just me?".
The reason I wrote two long paragraphs about Windows Live Mail is in case some bright techie person can see a link with my main observations of a particular type of Spam mail I seem to have started receiving randomly which all seem to have a Yahoo connection. Am I alone I wonder?
The emails are all one liners each simply offering a referrer type ad link I think (I have recklessly clicked on a couple and they seem to go via the referrer link to places like (if not uniquely to) http://businessinfodaily.com which is simply an ad about making a fortune at home on the internet).
They all look the same and are apparently signed by name by a few people I know who have Yahoo email addresses that I have used to contact them previously. They all arrive in this kind of form (I have anonymised the one I received this morning):
From: Cousin Garnett
Sent: Thursday, September 10, 2015 11:54 AM
To: Alfred
Subject: from: Cousin Garnett
Hi Alfred
godogwalker - dot - com/meat.php?love=x999y777z12345 <--- NB I have deliberately corrupted the url by removing the dot, the active hyperlink, and changing the 'love=' parameter, so don't attempt to follow this link or any part of it unless you know what you are doing! ... Alf
Cousin Garnett
cuzgarnett@ymail.com
The particular one I received today says as you can see in the signature text it is from a ymail.com address. Others I have received are ostensibly from yahoo.co.uk addresses.
But in the Message Source properties (less techie types please bear with us!) the sending email starts with my contact's expected email address prefix before the @ sign but with a completely different domain. So for example the one above says in the body of the email text as you can see that it comes from cuzgarnett@ymail.com but the Message Source says it actually is "Received From" from cuzgarnett@naked.co.jp which is a false address. The Message Source also says it is received by (routed via?) www999b.sakura.ne.jp.
It's annoying but because I do have good protection on my computer I am not particularly concerned as yet. But it needs getting to the bottom of so I am here to share what I have seen.
Anyone know what is likely to have happened here?
I have read a number of complaints recently on the internet such as "Help! Receiving Spam from myself. Yahoo". Is this actually a corruption or hack specifically within Yahoo, or is it my problem do we think?
I hasten to add that I do have a Yahoo email account but it isn't set up in my Windows email client and never has been. I never use it and I have not like others seen "Spam from myself". But I do use Yahoo Messenger daily to stay in contact with one other person when they are at their desk. I do not suffer from any Spam in Yahoo Messenger.
Any clues - anyone?
Comments
-
It's just standard spoofing
Ex forum ambassador
Long term forum member
-
The basic lesson is that "free" email is a prime target. The likes of Yahoo!, Hotmail and Google have already suffered major hacks (e.g. stealing of email address book contents) and if your own email address is in someone's address book on a free email server, it's going to get "skimmed" one day soon, if not already.
The simple answer is to have your own private email server (about £25 per year for unlimited email addresses) and use throw-away addresses (forwarders) to give to friends.
-
Er I beg to differ.
I've been on the internet much longer than most and this is the first time I have suffered this exact type of "spoofing". It may well be standard August/September 2015 spoofing, but it wasn't "standard" for me until recently!
If it is coming from outside and is not being generated within my own email client or servers then it signifies that someone has been hacked. That's not standard spoofing. And it is not something to be dismissed so lightly, is it?
In the example above, cuzgarnett@ymail.com is the real life contact and Cousin Garnett is the real name of the contact, and we each of course do know each other.
How do the perps know this? They can only know it by hacking.
That's dangerous.
It is along the lines of a bank using "open" email channels to occasionally contact a customer but first warning the customers "There are constant phishing attempts from sources who may pretend to be us. When we email you, we will only ever prefix the email using your correct name in the body of the email and we will also give another piece of your personal data usually postcode in the body of the email so that you know it is us."
What I have observed begins to defeat such "security" measures from banks that still do that.
These spoofing emails as you call them Browntoa are actually using real personal data as a confidence trick.
How is it being achieved? How did they get it? Or is the personal data never leaving my possession in the first place and is some kind of self-spamming as others have called it?
And Moneymaker, your suggestion sounds sensible, but I do not believe it protects the recipient of these mails. The hacking would appear to be perpetrated against those that use GMail, Hotmail, Yahoo or whatever, i.e. my contacts who are perhaps more gullible than you or I. However, I think it is the subsequent "spoofing" which 9 times out of 10 does reach the intended recipients and arrives in front of its intended audience as an attempted confidence trick irrespective of their private email hosting arrangements.
I use such an arrangement with my own domains hosted at a major UK hosting provider but it hasn't stopped these getting through and nor would I expect it to unless and until it is recognised as a common problem by the hosting providers rather than something that is dismissed as random low level spoofing not worth trying to filter out.
Incidentally, writing off GMail as inherently unwise to use for anything important (if that is what you are doing) might be a bit rich for those major establishments e.g. educational institutions who have been persuaded to give up their own servers and have their email domains hosted as an integral part of GMail
-
"They all look the same and are apparently signed by name by a few people I know who have Yahoo email addresses that I have used to contact them previously"
There are a multitude of ways that email addresses can get into the wrong hands but referring to the paragraph above, is it likely that all these people either know each other or is there the possibility at least one of them would also have these email addresses in their own address books as well as you?
If a PC is compromised then often that can result in an older style email address book being copied/stolen/hacked (whatever you want to call it)
That can mean that if your address is in that address book then several things might happen - the spammer might randomly select your email address as the one that it appears the spam has come 'from'. This means that any bounces or replies will go to you.
Or, the dodgy message will be sent to everybody in that address book pretending to be one of the people in the address book, after all there is a chance that the people might know each other and are more likely to click on something attached. This can happen several times selecting a different person each time as the 'lead' sender.
As you regard yourself as a seasoned internet user, it's likely that it's not you that has been compromised but someone that has your email address in their address book.
I hope this helps
-
I suspect Cousin Garnett will get quite a bit of spam generated from having his email put on here...;)
Drinking Rum before 10am makes you
A PIRATE
Not an Alcoholic...!
-
Sorry to break it to you, but this type of spoofing has been happening for many years.
They simply change the domain the email is coming from. I regularly receive emails which are apparently from myself or family members, because they are spoofed email addresses. This is quite easy to do.
I've seen it done since around 2002 or so.
Total Debt Left: £14,843 / £23,954
My Debt Diary Thread ID: 691152900 -
Thanks Ant555.
I am not sure what LondonAsh thinks he is breaking to me. Are we being urged to accept that hacking and spoofing methods used in 2002 are still as effective as they were then, and that hacked email addresses are "normal" and to be tolerated?
In just two more years we can look forward to celebrating 15 years of continuous uninterrupted email hacking and spoofing perhaps?
And RumRat, I've a feeling Cousin Garnett is safe from Spam for now at least
PS Anyone know how to get a new ymail.com address?
-
"I am not sure what LondonAsh thinks he is breaking to me. Are we being urged to accept that hacking and spoofing methods used in 2002 are still as effective as they were then, and that hacked email addresses are "normal" and to be tolerated?"
Pretty much. "Spoofing" isn't a malicious method that spammers discovered; it's an integral feature of email. The sender field is not validated.
And surely you've read how many large corporations (like Yahoo, etc.) have their user databases hacked? Surely you realise that malware exists that can send address book lists to spammers? Do you think companies that only make money out of advertising and harvesting personal data care much whether your data are stolen?
If you don't want to be hacked, use your own email server and secure it. Insist that everyone who uses your email address also runs their own secure email servers. Subject them to regular penetration testing, and employ white-hat hackers to identify any vulnerabilities.
-
I had precisely one email about 4 days ago which by luck I noticed in my Yahoo spam folder. It was brief - just a highly suspect link - and the email prefix was from my wife's email address (a highly unusual one) the suffix after the @ was something else. First conclusion might be that my wife's email was recently hacked and someone is now impersonating her identity but using a different email server.
2nd possibility is that her email address recently got onto someone's spam sending list and the prefix is now being used to impersonate her.
3rd possibility is that Yahoo has indeed been hacked and the hackers have got everyone's Yahoo contacts lists now.
The spammer/hacker seems to know wife & I are on each other's contacts lists. But I don't think they have her email password or the spam/hack attempt would've come from her real email address (unless it's a clever stealth move, not to reveal that her password is compromised).
I checked wife's spam folder to see if the reciprocal thing happened - not yet.
Coincidentally yesterday Yahoo email on Apple devices was offline for hours.
Tinfoil hats at the ready, folks!
-
I don't understand how you think Yahoo got hacked. Someone who has both of you in his address book got a virus and now this PC sends out spam messages with spoofed from addresses. They just take the local part of an email address and replace the domain with something else. Do you think that is difficult to do?
Also, you should never click a link in a spam message, especially if it contains a string like in your example. By clicking it you confirm the validity of your email address and you will receive even more in the future.
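Added example, not part of any post in this thread: a Python check for the pattern the replies describe, where a contact's display name or local part is reused with a different domain. The sample message is constructed from the details in the opening post; the IP address, recipient address, mx.example.net and the CONTACTS table are assumptions.

```python
from email import message_from_string
from email.utils import parseaddr

# Constructed sample built from the details in the opening post; the IP,
# recipient address and mx.example.net are placeholders, the link is omitted.
SAMPLE = """\
Received: from www999b.sakura.ne.jp (www999b.sakura.ne.jp [192.0.2.10])
\tby mx.example.net; Thu, 10 Sep 2015 11:54:02 +0100
From: Cousin Garnett <cuzgarnett@naked.co.jp>
To: Alfred <alfred@example.net>
Subject: from: Cousin Garnett

Hi Alfred
[link removed]
Cousin Garnett
cuzgarnett@ymail.com
"""

# Hypothetical address book: display name -> address the recipient really holds.
CONTACTS = {"Cousin Garnett": "cuzgarnett@ymail.com"}


def check_sender(raw, contacts):
    """Return warnings when the From header borrows a known contact's identity."""
    msg = message_from_string(raw)
    name, addr = parseaddr(msg.get("From", ""))
    addr = addr.lower()
    local, _, domain = addr.partition("@")
    body = str(msg.get_payload()).lower()
    findings = []
    for known_name, known_addr in contacts.items():
        known_addr = known_addr.lower()
        k_local, _, k_domain = known_addr.partition("@")
        borrowed = name.strip().lower() == known_name.lower() or local == k_local
        # Same name or local part as a contact, but a different domain.
        if borrowed and domain != k_domain:
            findings.append(f"From <{addr}> imitates {known_addr} using domain {domain}")
        # Body signature quotes the real address while the header uses another.
        if known_addr in body and known_addr != addr:
            findings.append(f"body cites {known_addr} but From is <{addr}>")
    return findings


if __name__ == "__main__":
    for line in check_sender(SAMPLE, CONTACTS):
        print("WARNING:", line)
```

An empty result only means the header agrees with the address book; because the From header is not validated, a matching address is not proof of where the message came from.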
This discussion has been closed.


