My yahoo email account was recently hacked into and emails were sent out to my contacts claiming I was on holiday in Spain and had been robbed and needed £1400 to get home. Coincidentally I was on holiday at the time without email access or a decent phone signal so I had no idea this was happening. When I did find out, I discovered I couldn’t get into my account as it appeared my password had been changed. By going through the security questions I was able to get back into my account and change the password, but I’m concerned now about security. I’ve used yahoo for email for over 10 years now and never had a problem. My brother-in-law suggested Thunderbird as an email client. Have any of you used this and if so did you find it good or bad? Or can you suggest another option? I’d like to keep my current email address.
Thanks
There’s a difference here. Yahoo email is a provided service. Thunderbird is just a client that can be used with that service. Even if you do setup Thunderbird to work with Yahoo or gMail or whatever, it won’t really add to the security factor. (Well, SSL encryption may help, but it’s doubtful it would have done anything for your account hacking.)
As far as email clients go, I like Thunderbird just fine.
This has been a pretty common scam lately. As Purd mentioned, using Thunderbird won’t make a lick of difference since someone with your password could still log on to your web mail interface.
Also, I like Thunderbird as well, though I’m not thrilled with the changes they made in the latest release.
I assume you use Windows? If I understand you correctly, you’re saying that you accessed your Yahoo! account through webmail (i.e., in a browser, such as Internet Explorer or Firefox)? I’m not sure that switching to a dedicated email client will offer you any better security (on preview, as Purd Werfect says), but it won’t hurt either.
I’m a Linux guy. On my desktop, I use SeaMonkey (based on Mozilla code) because I prefer an integrated browser/email client. On my laptop I usually use Thunderbird for email – yes, I like it and no, never had any issues with it. If it gives you some insight into anything, I don’t particularly care for webmail interfaces and find Outlook (in any of its incarnations that I’ve been subjected to due to work) terrible. My opinion on Outlook is at least paritally due to the fact that I’m just not familiar with it.
I should say that it’s been almost 8 months since I bothered with email on my laptop. That’s about to change 'cuz we’re moving and my desktop will be unavailable. I just updated Thunderbird and made sure it’s working properly, but it looks like there was a version upgrade since I last used it with new features; I’ll know more in a week or so.
Really? As a “hitting the road” gift to me (as I mentioned above, I’m moving and will be using Thunderbird rather than SeaMonkey), would you mind providing some details?
If you’ve never used Thunderbird before it’s not something you’re going to notice at all. I just have a gripe about where they moved some of the buttons to. Also, with the last version I could type names separated with a comma and it would split them each on to their own line. That also doesn’t seem to work for me anymore. I have to type a name then use the mouse to get to the next line. I’m sure I’m doing something wrong, I’m just not sure what it is yet. Lastly, and I have no idea if it was like this before or not or even if it’s a Thunderbird issue but…AVG scans all my incoming mail. It then adds a line at the bottom of the incoming mail that says it’s been scanned and virus free. That’s fine, but for some reason if I forward that email, that bottom part get’s turned into an attachment. I have no idea how to make that stop.
I also seem to have an odd problem with it occasionally opening with the preview pane running…I don’t like that.
I’ve only been using Thunderbird for a week or so and can’t add much except to say I like it and it seems to work well. I do wish it had a calendar like Outlook.
It’s an AVG issue. I remember after installing AVG I started seeing that line added at the bottom of my emails, and it annoyed me, so I figured out how to remove it. That was a couple of years ago, though, so I have no idea what I did.
It really depends on how your account info was stolen. If it was spyware or phishing (most likely), Thunderbird won’t help at all and in the case of spyware may even make it worse.
If you’re not following good computer security practices, now’s a good time to start. If you were already doing that as best as you could, it’s possible that somebody intercepted your password at, say, a public wifi cafe or something… and in cases like that, either using Yahoo’s secure login features or switching to somebody like Gmail who offers completely HTTPS coverage may help.
You can even set up Yahoo to work with Gmail, such that Gmail communicates with Yahoo’s servers directly and you only communicate with Gmail through HTTPS. You can keep your old Yahoo address that way, I believe.
Reply - I would say I follow good computer security practices as far as I know how. I don’t open suspicious looking emails or follow dodgy links, but there may be things that I do that I’m not aware are less than safe. I can’t think how my account was accessed as I don’t use public wifi and my home wifi is secured.
From all of the comments it would seem that Thunderbird won’t address the issue. It looks as though using gmail will be a good option so I will try that.
It’s best if you set a bookmark to https://mail.google.com and make that bookmark the only way you access Gmail. That https:// means you’ll explicitly choose the HTTPS-secured version every time.
Normally, if just go to Gmail.com or click on the Gmail link from the Google front page, it’ll first take you to the plain, insecure page and then automatically (and instantly) redirect you to the secure version. That’s fine in 99.9% of cases, but it leaves room for an attacker to present you with a fake Gmail login page before that redirect happens. If you use the https to begin with, this becomes a lot harder (an invalid certificate warning will pop up).
After you log in, Gmail by default now stays HTTPS-secured for the entire time, but it wouldn’t hurt to get in the habit of checking for HTTPS status whenever you’re writing your emails. Normally this is indicated by a yellow padlock somewhere in your browser.
As for security practices, a good overview list like this one might help if you don’t already do all that. If you do, well, keep in mind that no system is perfectly safe, so beyond a certain reasonable amount of effort, what can ya do short of becoming a security pro? One break-in over a ten-year period isn’t that bad from a home user’s standpoint, especially since you got your account back (bravo!).
It is a convoluted process but the real problem seems to be with Windows 7; when I try to run the saved Lightning file, I get a message saying Windows can’t open the file because it doesn’t know what program was used to write it. It is too damn frustrating for me to mess with it; I think I might bite the bullet and acquire a recent copy of Outlook.
Make sure you use a good password. You want numbers, symbols and changes of case in there, and it should be at least 8 characters.
If you go for GMail, make sure you enable HTTPS as the default in Settings, General, Browser Connection. That way it should’t matter what link you use, from any computer. (Ignoring the possibilities of keyloggers/malware on someone ELSE’S PC.)
Plus, if your WiFi is secured using WEP, you are not really protected at all. You need WPA with a strong password.