There’s an insidious hack you need to check on immediately — whether a hacker has changed your settings to auto-forward all your email to another address he controls. He doesn’t care whether you’ve changed the password, if all your email is going to be auto-forwarded to him! In fact, he hopes that you regain confidence in your Yahoo! email and continue using it.
The hacker then might use yourname@yahoo.com addy to log into your bank and provoke a password reset by hitting the forgotten password link. Your bank will then send a link to your Yahoo! email to reset your old password, or may even send a temporary password. Yahoo! would then auto-forwarded that email to the hacker — without your even being aware of it.
Worst case scenario is you use the same password for different accounts — which, of course, you should never do. Game over, you lose.
Hopefully, you’ll have a different password for your bank account, so he’ll then try to answer your security questions — which he might be able to guess from reading your emails and all your social media accounts. He may even spoof an email to a friend (whose contacts he would have scraped while he had access to your Yahoo! account) — wherein he asks them for the answers to one or more of your security questions like “Do your remember what street did we live on back in the day?” etc. etc.
Here’s where to check for auto-forwarding in Yahoo! email …
• Log into your Yahoo! …
• Hover over the Gear icon and select “Settings”. …
• Select the “Accounts” option in the left frame. …
• Click the “Edit” button next to your account name. …
• Select the “Forward” option. …
• DELETE any suspicious addresses that email is being forwarded to.
Yahoo! no longer uses security questions, so you can’t change or delete them. Since the “big” Yahoo! hack, recently announced, occurred several years ago — when they were still in effect — assume the hacker has downloaded those too and will share them far and wide. Meaning you should not have these same questions and answers in effect at other sites, especially where you login using your Yahoo! email address.
The same issues would be true if any of your other email accounts are hacked, including Gmail — although the instructions on how to check on and change auto-forwarding would be different.
Given how deliberately lax Yahoo! has been with their security and irresponsibly tardy* in telling us about the recent hack you should seriously consider using an alternate email address for your important business. I happen to think we should all use a separate email account, which does not identify us personally, for accounts which involve money.
UPDATE: Recent reports say that Yahoo! has disabled their auto-forwarding feature, which would suggest to me that they’re trying to prevent hackers from doing exactly what I described here. My guess is, the feature won’t be back until users have re-established control over their accounts.
Please share this information with all your friends that have Yahoo! accounts — thanks!
*How Yahoo Totally Blew It on Security
slappHappe 