I received a rather bizarre e-mail last Saturday night just as I was getting ready to enjoy a lovely evening at a Marlins game. It came in to my business account from my Yahoo account and was asking me to send money to myself. According to the e-mail I was attending a seminar in England and needed some extra cash. This was all news to me as I was sitting in my Boca Raton home.
About that time my significant other wandered in wondering what I was up to and why I was “urgently” requesting a cash advance. His main concern was that this transaction might cause us to miss the opening pitch. My main concern was that one of my clients or friends might receive the e-mail and actually fall for this scam.
Yikes! I’ve written a couple of books and produced training videos on Outlook which included information on e-mail security. My network is harder to access than Fort Knox. How could this have happened?
Once the initial panic subsided I thought about the problem with a bit more clarity. I only use the Yahoo account for “shopping” purposes and took comfort in the fact that all the companies that typically spam me to buy more products, etc, will receive a bit of spam of their own. However, I needed to remedy the situation and, more importantly, prevent it from happening again.
My first step was to change my Yahoo password. I then brainstormed for possible ways that this hacking might have occurred. The list I came up with was rather short:
- My computer has virus. This seemed unlikely because only my Yahoo account was affected and none of the numerous business accounts that I have in Outlook.
- Someone stole my Yahoo password. Again, this seemed rather unlikely as I don’t post my password on the Internet or write it on a sticky note hanging from my monitor.
- I checked my email from an infected PC. A possibility, but because I rarely send or receive e-mail from my Yahoo account I have no reason to check this account from anywhere else than home.
- I was drunk or on some other mind-altering substance and actually sent the e-mail. A possibility except for the fact that I’ve never been very good at creating April Fool’s pranks or other hoaxes. And I haven’t suffered from a hangover – or even a bad headache – lately.
- Yahoo got hacked.
OK, I hate to point fingers but Yahoo seemed the most likely culprit. So on Sunday I began to scour the Internet looking for other folks who had experienced the same thing. I’ll have to admit that this was a bit time consuming as I had to keep reassuring various acquaintances that yes, I was all right and no, I didn’t need their financial assistance at this time. My Internet search turned up lots of people who had experienced the very same problem that I had. Ironically, in addition to Yahoo users, many folks using Gmail and Hotmail accounts had experienced the same problem I had.
Since I now felt comfortable in the knowledge that Yahoo had been hacked, I scoured the Yahoo help site for references to the problem and found – nothing. Except of course for a few articles telling me how to change my password. Hmm. So Yahoo users routinely had their accounts hacked, but Yahoo wasn’t taking action? Say it ain’t so, Joe!
I now set about trying to contact someone at Yahoo. Surely they would be concerned enough to take action. Surely they would want to prevent this from happening to other Yahoo users. I found several messages advising me to change my password but no specific reference to any responsibility on the part of Yahoo. It seemed to me that if someone was hacking into Yahoo and grabbing passwords Yahoo would want to know about it and, more importantly, put a stop to it. After hours of trying I finally reached a heavily-accented person who, after several minutes of hold time, came back on the line and offered to walk me through the process of changing my password.
I now know what it feels like to come home and find that your house has been robbed. My personal property was pillaged by some faceless low life and I feel violated. The bad guys have won. My main reason for posting this article is to get an idea of the number of other folks who have had their accounts hacked. If it’s happened to you, let me know!