Phishing… and yahoo mail
Discussion
Hello tech gurus,
My dear old mum verified her email address in response to a simple phishing request. And gave PW.
A few days later, they took over her email and sent all her contacts a request to help her with something on Amazon (presumably if anyone replies, this will be a request for e vouchers)
We reset the password and got back in. I’ve emailed all to say it’s a fraud.
The email account was set so all replies went to the delete box (a filter) so if you did get back in, you wouldn’t see the replies before the fraudster did.
The email is an old sky one, run through yahoo.
The recent account activity mentions an “app password was added” this was by the fraudsters. I don’t understand what that is or how to disable it but I have “signed out of all devices” and set a new password - which works on the web and on the iPad app.
Anymore I should do please?
My dear old mum verified her email address in response to a simple phishing request. And gave PW.
A few days later, they took over her email and sent all her contacts a request to help her with something on Amazon (presumably if anyone replies, this will be a request for e vouchers)
We reset the password and got back in. I’ve emailed all to say it’s a fraud.
The email account was set so all replies went to the delete box (a filter) so if you did get back in, you wouldn’t see the replies before the fraudster did.
The email is an old sky one, run through yahoo.
The recent account activity mentions an “app password was added” this was by the fraudsters. I don’t understand what that is or how to disable it but I have “signed out of all devices” and set a new password - which works on the web and on the iPad app.
Anymore I should do please?
Edited by Austin_Metro on Friday 2nd May 13:01
I think the best course of action would be to export the contact list (if possible - else make a manual list); close / delete the account (again, if possible); and set her up with a web-based email such as Gmail or proton mail; then import or manually create the contacts.
I'd avoid an Outlook account as it seems to be getting infested with adverts these days.
I'd avoid an Outlook account as it seems to be getting infested with adverts these days.
An app password is one setup specifically for a particular app and is considered a more secure way of accessing your account through an app.
Yahoo can be a bit messy when it comes to security settings, but if you log into yahoo mail on the web, then click on your username on the top right, then account info, then security, you should then be able to see app passwords on the right under the "how you sign into yahoo" section. Click on manage app passwords and you should be able to delete.
Yahoo can be a bit messy when it comes to security settings, but if you log into yahoo mail on the web, then click on your username on the top right, then account info, then security, you should then be able to see app passwords on the right under the "how you sign into yahoo" section. Click on manage app passwords and you should be able to delete.
egomeister said:
An app password is one setup specifically for a particular app and is considered a more secure way of accessing your account through an app.
Yahoo can be a bit messy when it comes to security settings, but if you log into yahoo mail on the web, then click on your username on the top right, then account info, then security, you should then be able to see app passwords on the right under the "how you sign into yahoo" section. Click on manage app passwords and you should be able to delete.
Thanks ego. Yahoo can be a bit messy when it comes to security settings, but if you log into yahoo mail on the web, then click on your username on the top right, then account info, then security, you should then be able to see app passwords on the right under the "how you sign into yahoo" section. Click on manage app passwords and you should be able to delete.
Under “this is how you sign in now” I don’t have any reference to an app passcode.
It’s either “password” and it was changed when I changed it. Or “passkeys” and it offers that I can “create passkey”
There’s an option further up to “enable 2 step verification “ but if I click on that nothing happens.
If you haven't already done so check with your mum if she uses that password for other services and if she does change it asap with those too.
If she uses it everywhere focus on the important stuff i.e. Amazon or anywhere someone could login and start buying/doing stuff.
And enable 2FA on the Yahoo account and better still drop it and get a Gmail account or similar
If she uses it everywhere focus on the important stuff i.e. Amazon or anywhere someone could login and start buying/doing stuff.
And enable 2FA on the Yahoo account and better still drop it and get a Gmail account or similar
Austin_Metro said:
egomeister said:
An app password is one setup specifically for a particular app and is considered a more secure way of accessing your account through an app.
Yahoo can be a bit messy when it comes to security settings, but if you log into yahoo mail on the web, then click on your username on the top right, then account info, then security, you should then be able to see app passwords on the right under the "how you sign into yahoo" section. Click on manage app passwords and you should be able to delete.
Thanks ego. Yahoo can be a bit messy when it comes to security settings, but if you log into yahoo mail on the web, then click on your username on the top right, then account info, then security, you should then be able to see app passwords on the right under the "how you sign into yahoo" section. Click on manage app passwords and you should be able to delete.
Under “this is how you sign in now” I don’t have any reference to an app passcode.
It’s either “password” and it was changed when I changed it. Or “passkeys” and it offers that I can “create passkey”
There’s an option further up to “enable 2 step verification “ but if I click on that nothing happens.
If an app passwords exists, it should say "generate or manage app passwords" or similar.
Yahoo mail is pretty horrible, so I agree with the other post above to move away to something like gmail if possible. To get the instructions above it took me half a dozen attempts to get a verification code to allow me to login!
b
hstewie said:
hstewie said: If you haven't already done so check with your mum if she uses that password for other services and if she does change it asap with those too.
If she uses it everywhere focus on the important stuff i.e. Amazon or anywhere someone could login and start buying/doing stuff.
And enable 2FA on the Yahoo account and better still drop it and get a Gmail account or similar
Thanks Stewie - I have asked on passwords. She seems to use unique ones - it’s surprising she could tell the phisherman what it actually was. If she uses it everywhere focus on the important stuff i.e. Amazon or anywhere someone could login and start buying/doing stuff.
And enable 2FA on the Yahoo account and better still drop it and get a Gmail account or similar
egomeister said:
Not sure then! That's the same place I'm looking but your pages is slightly different.
If you go to the next tab, recent activity, you might be able to see where the account is currently logged in and do something from there
Thanks! If you go to the next tab, recent activity, you might be able to see where the account is currently logged in and do something from there
I have tried looking at all the tabs. I’ve also done the “secure your account” option which disconnected all others but the webmail portal I was going through. Might that have disabled the app password?
egomeister said:
Nothing to the right or below where it says passkeys?
If an app passwords exists, it should say "generate or manage app passwords" or similar.
Yahoo mail is pretty horrible, so I agree with the other post above to move away to something like gmail if possible. To get the instructions above it took me half a dozen attempts to get a verification code to allow me to login!
What’s wrong with Yahoo Mail? I’ve used it for years, changing everything would be a pain.If an app passwords exists, it should say "generate or manage app passwords" or similar.
Yahoo mail is pretty horrible, so I agree with the other post above to move away to something like gmail if possible. To get the instructions above it took me half a dozen attempts to get a verification code to allow me to login!
bad company said:
egomeister said:
Nothing to the right or below where it says passkeys?
If an app passwords exists, it should say "generate or manage app passwords" or similar.
Yahoo mail is pretty horrible, so I agree with the other post above to move away to something like gmail if possible. To get the instructions above it took me half a dozen attempts to get a verification code to allow me to login!
What’s wrong with Yahoo Mail? I’ve used it for years, changing everything would be a pain.If an app passwords exists, it should say "generate or manage app passwords" or similar.
Yahoo mail is pretty horrible, so I agree with the other post above to move away to something like gmail if possible. To get the instructions above it took me half a dozen attempts to get a verification code to allow me to login!
Spam filtering is also not up to the level of gmail for example.
There's not any fundamental flaw that would mean I'd want to switch at all costs, but if it were me I'd be transitioning stuff away from it when convenient. One thing I would say for sure is have lots of ways for backup verification as I could have easily been locked out today despite giving the correct password and having the correct phone no linked.
Gassing Station | Computers, Gadgets & Stuff | Top of Page | What's New | My Stuff