I wonder if anyone can give me some help. I’ve seen things spoofed before and know some things to do but I didn’t think the spoofers would be able to make changes to the email account itself. But my friend discovered her email account settings have been changed to direct everything to a new email address which has been added to her account (using her email address plus an extra letter). So far she has been unable to delete or inactivate the fake address. She has Yahoo email. Any ideas would be greatly appreciated.
If she can still log into her Yahoo mail (and sounds like she can), it’s going to be ok. Have her IMMEDIATELY change her password, then take a breath: they can’t make any more changes. Then, do a damage assessment, determine what’s real vs spoofed and see what there is to undo. Most likely, they just took her mailing list or sent a few messages. There might not be any lasting issues at all.
That seems strange to me. Why can she not delete the address? Is the delete option not present? Or is it that she gets an error message when she tries to delete it? I would think you could delete a forwarding address at any time.
One thing she needs to be concerned about is any account which uses that email address. The hackers may be trying to do password recovery on various accounts and they’ll get the reset emails to the forwarded account. So if her bank uses that email, then the hackers might be able to get her bank login since the emails from the bank will be forwarded to the hacker’s address.
If she can’t delete the address herself, she should probably contact Yahoo support.
Thanks. The delete option is not present. I’ll let her know to try Yahoo Support but so far she hadn’t figured out how to reach them (typical Yahoo to hide the Help button).
Also, she can log in to her Yahoo mail address but cannot receive new e-mails (they have been redirected to the fake e-mail) nor can she send them (the fake e-mail gets anything she tries to send). I was not aware that the spoofer could get into her e-mail ACCOUNT and make changes but they did!
Yahoo’s free email doesn’t currently support email forwarding, so this shouldn’t be possible (unless this is a paid email account).
Thanks gnoitall, but unfortunately the asshole has accessed her account settings and redirected things to their choice of emails. So they don’t forward anything. I doubt a paid email account is involved.
My friend has managed to access the faked email account the bastard set up to see the replies her contacts have sent that ended up in the fake email, and some folks did respond. In those cases he sent a reply to them with the “send me some gift cards because my credit card is messed up.” At least she’s been able to call those folks and say don’t do it, and hopefully most are smart enough not to fall for that. However, some of her contacts are older folks and we just hope nobody gets caught.
Regarding Yahoo help, she has made contact, but even though she told them the problem, Yahoo then EMAILED her a CODE to contact them. Hello? Help desk, you say? Hoping anyone has some other ideas? Thanks!
Have her check her recovery email address. They may have changed it to their own so THEY get the code.
She may want to turn on 2FA as well.
The other thing I’d worry about is how they logged in. Even with her password, most websites will send you some sort of notification/verification when you log on with a different device. She may want to see how they bypassed that. Granted, if they did something entirely on their end, there’s not much she can do, but if they social engineered the 2FA part out of her, she should know how it happened so it doesn’t happen again. There’s a scam that’s been going around for quite a while now where someone will attempt to reset your password but get you to send the code to them instead.