I received two pretty weird e-mails from a friend of mine in the last twelve hours.  The first had the subject line "hello" and the latter was "the rest".  Both e-mails indicated that my friend was trapped in Nigeria (of course) and needed me to wire money urgently so that she could get out of the country.

Only one problem.  My friend is not in Nigeria, and the e-mails are clearly the work of spammers.


They aren't spoofed!  

Spammers hacked into her Yahoo mail account -- which she indicates had a non-guessable password comprised of letters and numbers.  Once they did, they changed her password as well as hacking and changing her security key (which is a wow to me, since Yahoo doesn't even give you a hint as to what it is when you go to try to change it).

Now they have access to her account, and are sending e-mails to all of the contacts in her address book.  The e-mails aren't spam filtered, because they are truly coming from her @yahoo.com mailbox.  They are even signed with her name.

She has contacted Yahoo twice, and they have been most unhelpful.  Because her security key was changed, Yahoo can't confirm her ownership of the account anymore.  They claim when she has called that her mother's maiden name doesn't match the account, and that that was the identification she agreed to when she signed Yahoo's terms of service.  I asked her why Yahoo wasn't willing to try to go back to a prior state -- certainly they must have a transaction log and can sort out when it was changed, what IP address, etc.  She isn't the first person whose account has been hacked.

My friend indicates that she has googled around to try to find how others who have had this happen -- and it has definitely happened to others -- addressed it.  Unfortunately, most have decided not to fight Yahoo, and just written off their mailboxes.  That seems too fatalistic to me, and certainly won't get my friend access to years worth of e-mail and contact information.

Anyone seen this and danced with the Yahoos to make it right?

Post a Comment