In the last few months I have assisted a number of customers in resolving problems with their Frontier Yahoo email. The initial evidence of the hack was that some of their contacts received a bogus email such as the following:
“Subject: Urgent favor
How are you? I need a favor from you. I need to get a Gamestop Gift Card for my Nephew, Its his birthday but i can’t do this now because I’m currently traveling. Can you get it from any store around you? I’ll pay back as soon as i am back. Kindly let me know if you can handle this.”
This email came directly from the hacked Frontier Yahoo email account.
In other words, it was not an email from some other account with the sender’s address spoofed. The hacker had direct access to the Frontier Yahoo account. Before sending the scam email, the account settings were changed to add a reply-to address and to forward all incoming email to firstname.lastname@example.org.
Thus any direct reply to the scam message would go to the hacker’s email without the hacked account holder knowing. This would allow him to continue the scam. In addition, while any email sent directly to the hacked account would be received and seen by the account holder, it would also be forwarded to the hacker’s email.
Without checking account settings, the only way the account holder would know is when someone contacted the account holder after spotting the suspicious email, or when they didn’t respond to an email that was sent.
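A recipient-side check for the reply-to diversion described above, as an added example that is not part of the original post: it parses a message's headers and reports when a reply would go to an address other than the visible sender. The sample messages and addresses are constructed, and treating a different domain as the stronger signal is an assumption, since the post does not say where the bogus reply-to pointed.

```python
from email import message_from_string
from email.utils import getaddresses

def _addresses(msg, header):
    """Lower-cased addresses from every occurrence of a header."""
    return [addr.lower() for _, addr in getaddresses(msg.get_all(header, [])) if "@" in addr]

def check_reply_to(raw_message):
    """Compare where a reply would go with the visible sender.

    Returns (verdict, diverted): verdict is "ok", "same-domain" or
    "cross-domain"; diverted lists Reply-To addresses that are not senders.
    """
    msg = message_from_string(raw_message)
    senders = _addresses(msg, "From")
    diverted = [a for a in _addresses(msg, "Reply-To") if a not in senders]
    if not diverted:
        return "ok", []  # no Reply-To, or it matches the sender
    sender_domains = {a.rsplit("@", 1)[1] for a in senders}
    if all(a.rsplit("@", 1)[1] in sender_domains for a in diverted):
        return "same-domain", diverted  # e.g. a shared mailbox; lower concern
    return "cross-domain", diverted  # replies leave the sender's mail provider

# Constructed sample messages (not taken from the incidents described).
HIJACKED = """\
From: Pat Example <pat@example.com>
Reply-To: Pat Example <pat.example@example.net>
To: friend@example.org
Subject: Urgent favor

How are you? I need a favor from you.
"""

NORMAL = """\
From: Pat Example <pat@example.com>
To: friend@example.org
Subject: Lunch

See you at noon.
"""

if __name__ == "__main__":
    for name, raw in [("hijacked", HIJACKED), ("normal", NORMAL)]:
        print(name, check_reply_to(raw))
```

A mismatch found this way is a reason to contact the sender by phone or a new message rather than by hitting reply.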
The first two customers contacted Frontier and were advised to change their passwords, which they did. While this most likely prevented further hacking, it did not fully resolve the problem.
Frontier failed to advise them to check other settings. In one case, Frontier actually remoted in to the customer’s computer to assist them. But the “tech” failed to find and remove the bogus reply-to and forwarding.
Consequently, customers called me because they were still having problems receiving emails. Finding and implementing the solution was relatively simple – check account settings and remove the bogus reply-to and forwarding.
Unfortunately, my customers thought that the problem was resolved when Frontier advised them to change the password. This meant that for a week or so they were still using a compromised account. The hacker was receiving copies of all emails sent to the account, and replies to all legitimate emails sent by my customers through the account were diverted to the hacker.
When I contacted Frontier about an unrelated matter on a different account, the Frontier support person alluded to the hacking problem without being specific. However, to my knowledge, there was no recent notification from Frontier to their customers of a problem.
Just recently I spotted the problem on another account when I received one of the bogus emails. I was able to call the customer, alert her to the problem, and fix it, but it still required that the customer directly call Frontier in order to change the account password, as well as log in to the account to eliminate the bogus settings.
It is unclear whether the hacked account problems I just described are due to the massive data breach at Yahoo reported back in 2017 where hackers gained access to credentials for 200 million Yahoo accounts, or if this is some new hack only affecting Frontier Yahoo accounts.
In any case, if you have Frontier Yahoo mail or any Yahoo account, the password should be changed and settings checked immediately. This applies even if you are not actively using the account.
As always, if you need assistance, you can contact me at 315-376-8879, by email, or Facebook.com/AffordableTechnicalSolutions.