
SCARS Institute’s Encyclopedia of Scams™ Published Continuously for 25 Years

RSN™ Special Report: It’s Time To Leave Yahoo Mail
It’s Been Two Years Since Yahoo’s Data Breach – What Have You Done To Stay Safe?
Far Too Often Victims Believe “THEM, NOT ME”
Except, 3 billion Yahoo accounts were hacked
The massive data breach can be an opportunity to do some cleanup and implement security recommendations.
If you had a Yahoo account in 2013, your name and password were stolen. Not maybe, they were!
Yahoo expanded the scope of its massive data breach on Monday. In December, the Internet giant announced a hack that affected over a billion accounts, making it by far the largest data breach in history. Now, the company says that every Yahoo account in existence in 2013—more than 3 billion—was breached. The hackers walked away with password hashes that can be easily cracked.
If you’re a Yahoo user you should consider yourself betrayed.
Your password was compromised and you should take all the necessary steps to secure all of your accounts.
Of course, you should follow all of Yahoo’s recommendations for securing your Yahoo account, such as changing your password and watching for suspicious account activity. But perhaps it is also time to demonstrate that enough is enough and simply walk away from unsafe online services such as Yahoo Mail, Google+, Google Hangouts, and many more. You may not even know what services you have signed up for – many people do not. One way to find out is to take a day and go through your old emails. Cancel what you do not use.
Here are a few more advanced tips that you should have in mind.
Never Reuse Passwords
There are many secure password management solutions available today that work across different platforms. There’s really no excuse for not having unique, complex passwords for every single account that you own. If you do want memorable passwords for a few critical accounts, use passphrases instead: sentences made up of words, numbers and even punctuation marks.
Change your passwords to use passphrases: two or three word phrases with punctuation and numbers!
According to Yahoo, this breach happened in August 2013, at a time when the company hadn’t yet switched to the more secure “bcrypt” password hashing algorithm. As a result, most passwords that were stolen are in the form of “MD5” hashes, which are highly vulnerable to cracking.
If you made the mistake of using your Yahoo password elsewhere and haven’t changed it yet, you should do so immediately and review the security settings of those accounts too.
It’s very likely that hackers have already cracked your password and had three years to abuse it.
Two-Factor Authentication Everywhere
Turn on two-factor authentication—this is sometimes called two-step verification—for any account that supports it. This will prompt the online service to ask for a one-time-use code sent via text message, phone call, email or generated by a smartphone app when you try to access the account from a new device. This code is required in addition to your regular password, but if you stay with Yahoo they also have a feature called Account Key that does away with regular passwords completely and instead requires sign-in approval via phone notifications.
Two-factor authentication is an important security feature that could keep your account secure even if hackers steal your password.
Don’t Save Emails You Don’t Need
Because space is no longer a problem with most email services, users tend to never delete emails. While that’s extremely convenient, it’s not a very good idea, because it allows hackers to easily discover what other online accounts are tied to that address by searching for sign-up or notification emails from various online service providers. Sad as it is in this digital age, get a paper notebook, like a “Moleskine”, and keep a record of your accounts in it.
Aside from exposing the link between your email address and accounts on other websites, sign-up and notification emails can also expose specific account names that you’ve chosen and that are different from the email address.
You might want to consider cleaning your mailbox of welcome emails, password reset notifications and other such communications. Sure, there might be other ways for hackers to find out if you have an account on a certain website or even a number of websites, but why make it easier for them to compile a full list?
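One way to find the emails worth cleaning up, as an added example that is not part of the original article: the Python sketch below lists which sender domains have left sign-up or password-reset mail behind. The subject patterns, the `account_trail` name and the sample messages are assumptions made up for illustration.

```python
import re
from collections import defaultdict
from email import message_from_string
from email.header import decode_header, make_header
from email.utils import parseaddr

# Subject patterns are illustrative assumptions; tune them for your own mailbox.
PATTERNS = {
    "sign-up": re.compile(
        r"\b(welcome to|(confirm|verify) your (e-?mail|account))\b", re.I),
    "password reset": re.compile(
        r"\b(reset your password|password (reset|changed))\b", re.I),
}

# Constructed sample messages (placeholder senders on reserved .example domains).
SAMPLE_MAILBOX = [
    "From: ExampleShop <no-reply@shop.example>\nSubject: Welcome to ExampleShop\n\nHi\n",
    "From: security@shop.example\nSubject: Reset your password\n\nLink inside\n",
    "From: Forum <noreply@forum.example>\n"
    "Subject: =?utf-8?q?Please_confirm_your_email?=\n\nConfirm\n",
    "From: friend@example.org\nSubject: Lunch on Friday?\n\nSee you\n",
]


def account_trail(raw_messages):
    """Map sender domain -> kinds of account-revealing mail found from it."""
    trail = defaultdict(set)
    for raw in raw_messages:
        msg = message_from_string(raw)
        # Subjects may be RFC 2047 encoded ("=?utf-8?q?...?="); decode first.
        subject = str(make_header(decode_header(msg.get("Subject", ""))))
        address = parseaddr(msg.get("From", ""))[1]
        domain = address.rpartition("@")[2].lower()
        if not domain:
            continue
        for kind, pattern in PATTERNS.items():
            if pattern.search(subject):
                trail[domain].add(kind)
    return {d: sorted(kinds) for d, kinds in sorted(trail.items())}


if __name__ == "__main__":
    for domain, kinds in account_trail(SAMPLE_MAILBOX).items():
        print(domain, "->", ", ".join(kinds))
```

Each domain it reports is an account an intruder could learn about from your mailbox, and a candidate for the paper notebook before the emails are deleted.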
Check Your Email Forwarding And Reply-To Settings
Email forwarding is one of those “set it and forget it” features. The option is buried somewhere in the email account settings and if it’s turned on there’s little to no indication that it’s active.
Hackers know this. They only need to gain access to your email account once, set up a rule to receive copies of all your emails and never log back in again. Because they never log in again, the service has no repeated suspicious log-ins from unrecognized devices or IP addresses to notify you about.
Another technique that attackers might use to get a copy of your emails is to change the reply-to address in your email settings, although this is noisier and can be spotted more easily than a forwarding rule.
The reply-to field is included in every email message that you send and allows the recipient’s email client to automatically populate the To field with an address you chose when they hit reply. If a hacker changes the reply-to value to an address that he controls, he will receive all email replies intended for you, and these typically include the original emails that you sent.
In order to ensure that you also get those replies, the attacker can set up a forwarding rule in their own email account and automatically forward those replies to your address.
To check for “reply-to” changes just send yourself an email from your account and look at the reply address!
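The same self-test done programmatically, as an added example that is not part of the original article: save the raw source of the email you sent yourself and pass it to the function below, which reports any Reply-To address you do not own. The function name and all addresses are made-up placeholders.

```python
from email import message_from_string
from email.utils import getaddresses

# Constructed sample: a self-test message from an account whose reply-to
# setting was changed. All addresses are placeholders on reserved domains.
SAMPLE_TAMPERED = """\
From: Alice Example <alice@example.com>
To: alice@example.com
Reply-To: Alice Example <alice.example@mail-relay.example.net>
Subject: reply-to self test

test
"""

# Constructed sample: the same self-test from an untouched account.
SAMPLE_CLEAN = """\
From: Alice Example <alice@example.com>
To: alice@example.com
Subject: reply-to self test

test
"""


def unexpected_reply_to(raw_message, my_addresses):
    """Return the Reply-To addresses that are not in my_addresses.

    An empty list means replies go to an address you own, or that no
    Reply-To header is set and replies go to the From address.
    """
    msg = message_from_string(raw_message)
    mine = {addr.lower() for addr in my_addresses}
    # A message can carry several Reply-To addresses, each with a display
    # name; getaddresses() splits them into (name, address) pairs.
    pairs = getaddresses(msg.get_all("Reply-To", []))
    return [addr.lower() for _, addr in pairs
            if addr and addr.lower() not in mine]


if __name__ == "__main__":
    for label, raw in (("tampered", SAMPLE_TAMPERED), ("clean", SAMPLE_CLEAN)):
        extra = unexpected_reply_to(raw, ["alice@example.com"])
        print(label, "->", extra or "replies go to you")
```

This only covers the reply-to setting; a forwarding rule leaves no trace in the message itself and still has to be checked in the account settings.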
Phishing Follows Breaches
Large data breaches are typically followed by email phishing attempts, as cybercriminals try to take advantage of the public interest in such incidents. These emails can masquerade as security notifications or account login alerts, can contain instructions to download malicious programs that are passed off as security tools, or can direct users to websites that ask for additional information under the guise of “verifying” accounts.
Be on the lookout for such emails and make sure that any instructions you decide to follow in response to a security incident came from the affected service provider or a trusted source. Official Yahoo emails are easily recognizable in the Yahoo Mail interface because they are marked with a purple Y icon. The same tends to be true in other services from Gmail to Facebook.
Never click a link in an email unless you are absolutely sure it is real!
In the future, be selective in what personal information you choose to share and which websites you choose to share it with, even when those websites are legitimate. There’s no guarantee that they won’t be hacked in the future and you simply don’t know how securely they store your details.
In Yahoo’s case, the compromised account information includes names, email addresses, telephone numbers, dates of birth and, in some cases, unencrypted security questions and answers.
These details can be used to impersonate you or to authenticate you on other websites.
Don’t provide real answers to security questions, if you can avoid it. Make something up that you can remember and use that as an answer.
Time To Cut The Cord
Lastly, think about cutting the cord on all accounts that you do not use on a weekly basis.
What if you are not sure you have an account? Go to a service you suspect that you had an account with, and try a password reset using your email address(es). If it accepts the email address, then you know there is an account under that email. Reset the password, enter the account and delete it.
Sadly, that probably should include Yahoo itself!
That is our recommendation!
RSN™ Team
a division of SCARS™
Miami Florida U.S.A.
FAQ: How Do You Properly Report Scammers?
It is essential that law enforcement knows about scams & scammers, even though there is nothing (in most cases) that they can do.
Always report scams involving money lost or where you received money to:
- Local Police – ask them to take an “informational” police report – say you need it for your insurance
- Your National Police or FBI (www.IC3.gov)
- The SCARS Worldwide Reporting Network on www.Anyscam.com
This helps your government understand the problem, and allows law enforcement to add scammers to watch lists worldwide.
All original content is Copyright © 1991 – 2018 SCARS All Rights Reserved Worldwide & Webwide – RSN/Romance Scams Now & SCARS/Society of Citizens Against Romance Scams are all trademarks of Society of Citizens Against Romance Scams Inc.
I’ve been blackmailed by osei Elizabeth, phone number +233546307602