Reptile & Amphibian Forums

Gah! I went to check my Yahoo email tonight and found out that someone has gotten in! Password doesn't work, can't get a new one because the my info doesn't match their profile anymore! I had to hurry and change my info on a ton of different sites (like paypal!) to be safe. Oh well. I've had that address for years now, and used it as my primary address. Luckily I had my ISP address set up again so I had someplace to change everything too. Of course, I had to get a new logon here, because I don't know of a way to change the email address attached to a username.
-----
-audri
Webpage/Pics

Audri,

I am sorry to hear that your Yahoo account has been hijacked. Hopefully they perp doesn't have access to any of your personal information through that account, and it sounds like you were able to change your other passwords in time to prevent more damage.

Just a tip for everyone... I know it is much more convenient to use the same email address and password combination for all of your online accounts, but if that email/password should ever fall in to the hands of the wrong person, he/she would have access to all of your online accounts (banking, PayPal, email, shopping, etc). How would someone acquire your email/password? Perhaps one of the smaller merchants that you shop at was hacked, or maybe you got an email that appears to have been sent from a well known merchant (eBay, PayPal, Yahoo, etc) asking you to log in to verify your account information. If you use the same email/password for everything, the bad guy is going to have a free-for-all. As inconvenient as it may seem to use different email/password combinations at different websites, it can definitely save you a big headache later (and may even prevent the theft of your identity).

Thanks for letting me ramble.
-----
Ronda Van Winkle
Northwest Herpetoculture

...scammers will spam everyone with fake PayPal, eBay, or Yahoo 'official' messages saying you need to confirm your information in order to keep your account, and then have a link which supposedly goes to the official website, but instead redirects you to THEIR website. Then, when you type in your information, this scammer is getting ahold of it. It's a very easy type of identity theft, and one they're getting GOOD at. Some of the fake emails will have spelling mistakes, or a few other mistakes, but most will mimic official email from the site pretty darn closely and the average person will not be able to tell the difference.

Tips for IDing the scam:
1. They say you'll lose your account if you don't give them this information.
2. The site you wind up at is not secure (it needs to be https:// to be secure, regular http:// is not).
3. They ask for craploads of information that they have no business knowing: your mother's maiden name, your SSN, your bank account numbers, your creditcard numbers, and your password.

Typically when a legitimate business wants to confirm your ID, all that's required is that you click on the link in the email. Since that business already HAS all the information it needs, the very act of clicking on that link registers the fact that your account is indeed active. Any sort of professional online business like Yahoo, Paypal, or eBay will never send out emails asking you to resubmit information they already have. These people have sophisticated backup data systems and will never (short of nuclear catastrophe) lose the information they have, so they never need to ask you to reconfirm or reenter it.

Other tips:
1. Change your password(s) every few months.
2. Use different passwords for different services. Never reuse a password used for something important (like online banking).
3. Don't use weak passwords. Pet names, relative names, and 'password' are all horrible passwords easily guessed by someone trying to hack into your stuff. There are other tips specific to password creation that I won't go into right now.
4. Use multiple email addresses to segregate email. If you have an email address you only use for important stuff and a second email address you actually use on public forums and whatnot, odds are scammers won't get ahold of your important-stuff email addy (and I mean keep it to -really- important stuff -- online banking and billing, NOT shopping, friends, or forum posts). Also, some sites offer the ability to create temporary email addresses which forward email to your account but stop working after so many messages. Please note that you do not want to use one of these as your important-stuff email address.

There are more tips and whatnot, but that ought to be a good start. Do a little research, and keep in mind that just because it came in an official-looking email doesn't mean it's legitimate.

-Kat
-----
"You keep WHAT in your freezer?"
"Mice. And rats. If that bothers you, I can call them 'cows' instead."

Yahoo has gotten pretty insecure in my opinion. Not that it ever really was secure, but I don't think they've kept up security like most of the other bigger names. I know several people who use and love yahoo, but personally, I won't use any web-based email servers again. Especially when you can buy and host a domain for 7$ a year and have 10 email addresses of your choice
-----
Dianne
AKA IcedGoddess
IcedGoddess Creations
Castle Serpents

When you click the "sign in" button at Yahoo, the default page to enter your email/password is insecure. You have to click "secure" to switch to a secure server. I wonder if that is something you can change in your preferences? Are all web based email services like that? Same thing with Kingsnake.com -- When you are asked to log in with your email/password, it is an insecure site.
-----
Ronda Van Winkle
Northwest Herpetoculture

I've known several people who have had their Yahoo e-mail accounts hacked. Thats one of the primary reasons I don't use it.

I agree with the other person who said that Yahoo doesn't seem as secure as the rest of the web-based e-mail services out there. In my experience, I've found that Lycos is pretty secure and a lot less spam in your inbox than Hotmail.

But as a general rule, I don't use web-based e-mails now that I'm out of college. I use the one provided to me from my ISP and I have a friend who owns the domain I use, and I pay $2 a year for my secure e-mail address that is in my signature.

As for the scams in e-mails, yes, the people sending them have gotten more creative nowadays in their ploys to try and get your personal information. I've just gotten to the point that I only open/read e-mail from people I recognize, and block/delete the rest. Saves me time and hassle, and the potential for a virus. Yes, occasionally I might delete a legitimate e-mail...but if I don't respond, they usually contact me through other means.

I too fall into the rut of having the same password for everything. But only cause I tried having different passwords, and basically locked myself out of important things. So maybe I'll have to work on finding a series of passwords that I can remember accurately. =P

You can't change your e-mail address in your user preferences? How inconvenient. What else is new, right?

Best of luck to ya, though..
-----
~*Taceas*~
rain@mainecoon.net

"And shepherds we shall be, for thee my lord for thee. Power hath decended forth from thy hand so our feet may swiftly carry out thy command. And we shall flow a river forth to thee and teeming with souls shall it ever be. In nomine Patris, et Filii, et Spiritus Sancti." - The Boondock Saints

when it comes to online transactions, all passwords are the max length with assorted capitalization, numbers, and nonalphabet characters if allowed. User names are also complicated. Keep all this info in a secure file. When need to login, copy and paste from file. each site has different logins/passwords too. it only takes an extra minute to find and open login file then copy paste.

PayPal is really being "spoofed" lately. Received 2 very real looking emails asking for info. One even tried to mimic site. As mentioned always look for the https:// Don't bother with online credit card transactions that don't use secure sites.