I think someone has managed to get into Toni's Email and send a spam
message to this group and also to at least some of us individually.

--
Guerri

Guerri

Yes, I got one too. You weren't on the list of addressees on mine, so
there must have been more than one message (unless you were sent a
blind copy). It seemed to come from Yahoo, so I suspected that the
spammer might have collected addresses from the old Coryphaeus group
on Yahoo. However, mine was sent to an address that I only use in
this Google group.

-- Tim L

On Jul 22, 10:07*am, Guerri Stevens <gue... (AT) tapcis (DOT) com> wrote:
> I think someone has managed to get into Toni's Email and send a spam
> message to this group and also to at least some of us individually.
>
> --
> Guerri

I have heard that it is possible somehow to send an Email and make it
appear that it is from someone else's Email address. Is there something
we and/or Toni should do about this?

You were not on the list of the message I got, but Mike was and there
were some familiar-looking names that seemed not quite right, but I was
not familiar with their email addresses. Like eschindl for instance
which might be Esther.

Guerri

Tim Lodge wrote:
> Guerri
>
> Yes, I got one too. You weren't on the list of addressees on mine, so
> there must have been more than one message (unless you were sent a
> blind copy). It seemed to come from Yahoo, so I suspected that the
> spammer might have collected addresses from the old Coryphaeus group
> on Yahoo. However, mine was sent to an address that I only use in
> this Google group.
>
> -- Tim L
>
> On Jul 22, 10:07 am, Guerri Stevens <gue... (AT) tapcis (DOT) com> wrote:
>> I think someone has managed to get into Toni's Email and send a spam
>> message to this group and also to at least some of us individually.
>>
>> --
>> Guerri
>

I received two messages also, one from the group and one from Toni directly (supposedly)! This is an example of "spoofing." Someone basically gained access to Toni's address book.

"E-mail spoofing is a term used to describe...e-mail activity in which the sender address and other parts of the e-mail header are altered to appear as though the e-mail originated from a different source. E-mail spoofing is a technique commonly used for spam e-mail and phishing to hide the origin of an e-mail message. By changing certain properties of the e-mail, such as the From, Return-Path and Reply-To fields (which can be found in the message header), ill-intentioned users can make the e-mail appear to be from someone other than the actual sender. The result is that, although the e-mail appears to come from the address indicated in the From field (found in the e-mail headers), it actually comes from another source."

Judy

Sorry to all, it does appear that my account was hacked (they got my entire
address book...sigh)
*-- Toni Savage



----- Original Message ----
From: Judy Madnick <jmadnick (AT) gmail (DOT) com>
To: dixonary (AT) googlegroups (DOT) com
Sent: Thu, July 22, 2010 8:35:57 AM
Subject: RE: [Dixonary] Re: OT: Toni's Email Scammed?

I received two messages also, one from the group and one from Toni directly
(supposedly)! This is an example of "spoofing." Someone basically gained access
to Toni's address book.

"E-mail spoofing is a term used to describe...e-mail activity in which the
sender address and other parts of the e-mail header are altered to appear as
though the e-mail originated from a different source. E-mail spoofing is a
technique commonly used for spam e-mail and phishing to hide the origin of an
e-mail message. By changing certain properties of the e-mail, such as the From,
Return-Path and Reply-To* fields (which can be found in the message header),
ill-intentioned users can make the e-mail appear to be from someone other than
the actual sender. The result is that, although the e-mail appears to come from
the address indicated in the From field (found in the e-mail headers), it
actually comes from another source."

Judy

no, it cam direcly from my personal address book.* EVERYONE in it.* I have just
moved all my addresses to this account from my office.*


I just changed my password, but ... let me know if any more come through.*


*-- Toni Savage



----- Original Message ----
From: Tim Lodge <5sfwiyj02 (AT) sneakemail (DOT) com>
To: Dixonary <dixonary (AT) googlegroups (DOT) com>
Sent: Thu, July 22, 2010 6:03:08 AM
Subject: [Dixonary] Re: OT: Toni's Email Scammed?

Guerri

Yes, I got one too.* You weren't on the list of addressees on mine, so
there must have been more than one message (unless you were sent a
blind copy).* It seemed to come from Yahoo, so I suspected that the
spammer might have collected addresses from the old Coryphaeus group
on Yahoo.* However, mine was sent to an address that I only use in
this Google group.

--* Tim L

On Jul 22, 10:07*am, Guerri Stevens <gue... (AT) tapcis (DOT) com> wrote:
> I think someone has managed to get into Toni's Email and send a spam
> message to this group and also to at least some of us individually.
>
> --
> Guerri

Sorry to all, it does appear that my account was hacked (they got my entire
address book...sigh)
*-- Toni Savage

Toni,
I got a message too.

It was supposedly from a yahoo account.

I assume that you only access Yahoo mail via browser. If that is the case then there is a possibility that malware on your PC might have accessed a yahoo login cookie in your browser.

Always logging out after accessing web mail might help reduce the chance of such a malware attack, but certainly would not eliminate the possibility.

For example, some malware might be able to read the login cookie while it was active during the email accessing. Or perhaps more likely, a key logger might have captured the password and sent it to the perpetrator?

Of course, another possibility is that somebody could have broken your password with a dictionary attack.

Not all of the anti-malware software would be guaranteed to catch whatever malware, if any, that might have caused this. I would recommend anti-malware software that included 'behavioral' or 'behavior' based detection. And then being careful about handling warning prompts you get from the anti-malware software.

There is a 'on demand' (i.e. non resident) anti malware product called Surfright Hitman Pro from NL which scans against multiple vendor databases (cloud based too, I think) which might be more likely to catch and kill fresh new or obscure malware. It has a 30 day free trial and should not interfere with installed AV, etc.

Of course, if password was really hacked directly, e.g. by dictonary attack, i.e. WITHOUT malware, then anti-malware programs would not fix this already done damage deed in the PC, since it would not actually be damage within the PC per se.

I myself probably handle my yahoo email different than most people. There is a Thunderbird extension for web mail that lets me read my yahoo mail with T-Bird. But I do keep my yahoo mail password stored in T-bird so that would still be a place where malware could steal it from. I also log into yahoo mail via web using Yahoo Messenger, so I don't normally actually type the password, because it's stored in Yahoo messenger. So I would still be vulnerable to password stealing by theft of the password stored in my PC, but less vulnerable to theft by key logger. Probably a moot point. Once any malware gets in, the gig is usually up, until it's removed. In my last KNOWN infection though the bad guys (commies or businessmen in cahoots with commies) were using me to bombard (DDoS) a Vietnamese anti communist site. Thus not endangering me directly.

Guerri Stevens wrote:

> I have heard that it is possible somehow to send an Email and make it
> appear that it is from someone else's Email address.

I didn't get this particular spam, but:

It is absolutely possible, and it's been happening for ages; it was
first reported about five years ago.

I first encountered it week before last, and it took the now-classic
form: The e-mail message appeared to come from the daughter of a friend
of mine, and the "from" address was totally accurate even unto her
middle initial, which she then used as part of her address. The message,
which was sent to *every single person in her address book*, including
her mother and me, said that she was stranded in X [the named foreign
country varies], she had been robbed of all money and credit cards, the
police and US embassy had been of no help, and her hotel wouldn't let
her leave without paying her bill.

Had anyone responded (AFAIK, no one did in this particular case), I'm
told by someone in the field, there would have been a request for funds
by wire transfer.

This young woman was using gmail (she has now switched to a different
ISP), and I gather that users of that service have frequently been
victims; apparently their servers are not well protected. But it can
happen anywhere--even to those who handle mail at home via e-mail
software rather than at a webmail site, if they've installed no
anti-malware protection.

--Dodi

Toni Savage wrote:

> it cam direcly from my personal address book. EVERYONE in it. I have just
> moved all my addresses to this account from my office.
>

Toni, I wasn't one of those who got the spam. I gather it wasn't your
Yahoo account that was hacked. Have you now dropped the other address we
have for you?

--Dodi

on why to clear browser private info,
more on ease of stealing passwords:
http://tapcis.com/forums/showthread.php?t=8706

Actually, I know EXACTLY how this was swiped... I was busy and let my guard down
last night... the Yahoo login screen popped up (as it does every two weeks) and
I* entered my login info without thinking.* It was obviously a pfish site.*
Coupled with some virus/trojan on my computer.* Busy cleaning things up now.

Really*sorry!!!!
*-- Toni Savage



----- Original Message ----
From: davidh <jdharper (AT) softhome (DOT) net>
To: Dixonary (AT) googlegroups (DOT) com
Sent: Thu, July 22, 2010 3:37:10 PM
Subject: Re: [Dixonary] OT: Toni's Email Scammed?


on why to clear browser private info,
more on ease of stealing passwords:
http://tapcis.com/forums/showthread.php?t=8706


--
davidh

DH

I did find out that I have bad emails in my address book for some folks... for
example, it sent to your old CIS address!!

This has enabled me to clean up my address book! (sigh... I did have better
things to do today...)

Note that it was*picked up as spam by a lot of spam filters, too.
*-- Toni Savage



----- Original Message ----
From: Dodi Schultz <DodiSchultz (AT) nasw (DOT) org>
To: dixonary (AT) googlegroups (DOT) com
Sent: Thu, July 22, 2010 10:39:58 AM
Subject: Re: [Dixonary] Re: OT: Toni's Email Scammed?

Toni Savage wrote:

> it cam direcly from my personal address book.* EVERYONE in it.* I have just
>moved all my addresses to this account from my office.* *
>

Toni, I wasn't one of those who got the spam. I gather it wasn't your Yahoo
account that was hacked. Have you now dropped the other address we have for you?

--Dodi

It's not the servers... if you can get into the account via login,*it's pretty
easy to send to the entire address book.

As I said, I entered into a pfishing site (I dropped my guard!).* The emails
appeared in my "sent items" folder.

I*can tell the process was totally automated, because it did not pick up some of
the emails correctly (truncated them).

Yahoo gives you the ability to set a "personal logo" on the signon page, so you
know it's real.* I just did that.
-- Toni Savage




________________________________
From: Dodi Schultz <DodiSchultz (AT) nasw (DOT) org>
To: dixonary (AT) googlegroups (DOT) com
Sent: Thu, July 22, 2010 10:27:29 AM
Subject: Re: [Dixonary] Re: OT: Toni's Email Scammed?

Guerri Stevens wrote:


I have heard that it is possible somehow to send an Email and make it appear
that it is from someone else's Email address.
I didn't get this particular spam, but:

It is absolutely possible, and it's been happening for ages; it was first
reported about five years ago.


I first encountered it week before last, and it took the now-classic form: The
e-mail message appeared to come from the daughter of a friend of mine, and the
"from" address was totally accurate even unto her middle initial, which she then
used as part of her address. The message, which was sent to every single person
in her address book, including her mother and me, said that she was stranded in
X [the named foreign country varies], she had been robbed of all money and
credit cards, the police and US embassy had been of no help, and her hotel
wouldn't let her leave without paying her bill.

Had anyone responded (AFAIK, no one did in this particular case), I'm told by
someone in the field, there would have been a request for funds by wire
transfer.

This young woman was using gmail (she has now switched to a different ISP), and
I gather that users of that service have frequently been victims; apparently
their servers are not well protected. But it can happen anywhere--even to those
who handle mail at home via e-mail software rather than at a webmail site, if
they've installed no anti-malware protection.

--Dodi

This sentence confuses me: "

------------------------------------------
On 2010-07-22 at 15:37 davidh wrote:


> on why to clear browser private info,
> more on ease of stealing passwords:
> http://tapcis.com/forums/showthread.php?t=8706

Toni Savage wrote:

> I did find out that I have bad emails in my address book for some folks... for
> example, it sent to your old CIS address!!
>

Ah, that's interesting. I still have the mailbox, but I don't have
Thunderbird pick up from there; I do check their webmail site once a day
just in case there's mail I want from somebody I failed to furnish with
my current address.

They might have put it in the spam folder, although they're not real
consistent about that unless the word "Viagra" is in the subject line,
and even then they seem to miss a few.

Guess I'll go see what they did with it, assuming it got there.

So, to clarify: Are both of the addresses we have for you still good? Or--?

--Dodi

Toni Savage wrote:

> It's not the servers... if you can get into the account via
> login, it's pretty easy to send to the entire address book.

Being technologically backward, I'm a little confused. How does the
scammer get your address book? Is it somewhere other than in your
computer? Do you keep all your stuff on a server, like people with gmail?

P.S.: The fake message, which you say was sent to my former address,
never reached that mailbox; I just checked the AOL/C'Serve webmail site.
No such message in the waiting mail or in the spam folder.

--Dodi

On 2010-07-22 at 15:37 davidh wrote:

> on why to clear browser private info,
> more on ease of stealing passwords:
> http://tapcis.com/forums/showthread.php?t=8706

Sorry about the previous partial message. Somehow my email client interpreted
my attempt to paste text as a "send message" command. I haven't figured out how
that happened yet.

So, to continue...this sentence confuses me:

"For the attack to work, an XSS, or cross-site scripting vulnerability must be
present on the site on which the stored password is used."

It seems to be a vulnerability of this kind cannot exist on a site. It might
exist in a browser. Originally, a cookie was not supposed to be readable by any site
other than the one that created it. The ability to have such powerful scripting
running on browsers nowadays may have changed that.

Well, it definitely got rejected by CIS
*-- Toni Savage



----- Original Message ----
From: Dodi Schultz <DodiSchultz (AT) nasw (DOT) org>
To: dixonary (AT) googlegroups (DOT) com
Sent: Thu, July 22, 2010 6:22:14 PM
Subject: Re: [Dixonary] Re: OT: Toni's Email Scammed?

Toni Savage wrote:

> I did find out that I have bad emails in my address book for some folks... for
>example, it sent to your old CIS address!!
>*

Ah, that's interesting. I still have the mailbox, but I don't have Thunderbird
pick up from there; I do check their webmail site once a day just in case
there's mail I want from somebody I failed to furnish with my current address.

They might have put it in the spam folder, although they're not real consistent
about that unless the word "Viagra" is in the subject line, and even then they
seem to miss a few.

Guess I'll go see what they did with it, assuming it got there.

So, to clarify: Are both of the addresses we have for you still good? Or--?

--Dodi

yes, the Yahoo*address book is on Yahoo servers.* When you log in and*go to
write an email, it looks up the addresses there.*


I used to have Outlook, and then the address book was on the Exchange server.

If I used Outlook Express, THEN it would be on my local computer.

And, as I said, CIS rejected the email and I got a "mailer daemon" message about
it.* Lots of spam/virus filters rejected it.* Good news, for some.
*-- Toni Savage




________________________________
From: Dodi Schultz <DodiSchultz (AT) nasw (DOT) org>
To: dixonary (AT) googlegroups (DOT) com
Sent: Thu, July 22, 2010 6:28:53 PM
Subject: Re: [Dixonary] Re: OT: Toni's Email Scammed?

Toni Savage wrote:


It's not the servers.... if you can get into the account via login,*it's pretty
easy to send to the entire address book.
Being technologically backward, I'm a little confused. How does the scammer get
your address book? Is it somewhere other than in your computer? Do you keep all
your stuff on a server, like people with gmail?

P.S.: The fake message, which you say was sent to my former address, never
reached that mailbox; I just checked the AOL/C'Serve webmail site. No such
message in the waiting mail or in the spam folder.

--Dodi

Never mind. I did some research and now understand better what is meant by
"cross-site", so the sentence does make sense: vulnerabilities can exist in the
applications on a site through not sanitizing untrusted (user) input that is
reflected in the returned pages, for example.

------------------------------------------
On 2010-07-22 at 18:32 Tony Abell wrote:


> On 2010-07-22 at 15:37 davidh wrote:

>> on why to clear browser private info,
>> more on ease of stealing passwords:
>> http://tapcis.com/forums/showthread.php?t=8706

> Sorry about the previous partial message. Somehow my email client interpreted
> my attempt to paste text as a "send message" command. I haven't figured out how
> that happened yet.

> So, to continue...this sentence confuses me:

> "For the attack to work, an XSS, or cross-site scripting vulnerability must be
> present on the site on which the stored password is used."

> It seems to be a vulnerability of this kind cannot exist on a site. It might
> exist in a browser. Originally, a cookie was not supposed to be readable by any site
> other than the one that created it. The ability to have such powerful scripting
> running on browsers nowadays may have changed that.

Toni Savage wrote:

> yes, the Yahoo address book is on Yahoo servers. When you log in
> and go to write an email, it looks up the addresses there.

Seems to me it would be better to have your address book in a program
in your own computer, yes? (Mine's in Thunderbird.) Or am I leaping to
an unjustified assumption?

--Dodi

Yahoo Email is (or at least was) accessible only with a browser, not
automatically by an Email client like Thunderbird, etc. Assuming that
hasn't changed, you could keep an address book separately on your own
computer, but it would be handier to use the one Yahoo provides. I never
used their Email for anything other than an address to use when ordering
online or doing something else that wanted an Email address but for
which I didn't want to provide my own.

Gmail (Google mail) also has its own address book, but you can set up
your gmail account so that it can be accessed by Tbird, etc. and hence
use the address book on your own machine.

Another thing I notice about Yahoo email is that if you want to send a
photo, for instance, it doesn't attach and send the photo from your
computer, it copies it to their server and the recipient evidently
receives it as a remote image. I have Tbird set to not automatically
display these, so it's very annoying when I actually want to see them.

Guerri

Dodi Schultz wrote
> Seems to me it would be better to have your address book in a program
> in your own computer, yes? (Mine's in Thunderbird.) Or am I leaping to
> an unjustified assumption?
>

There are advantages and disadvantages to various setups... I just retired, and
I'm still trying to figure out what's best for me.*


I'm getting appointments that (I think) only work in Outlook, so that might be
good for me, except that it's VERY prone to viruses* of various sorts....


Once my sister is out of the rehab facility and*my brother-in-law is out of
chemo,**I will focus on that.
*-- Toni Savage




________________________________
From: Dodi Schultz <DodiSchultz (AT) nasw (DOT) org>
To: dixonary (AT) googlegroups (DOT) com
Sent: Thu, July 22, 2010 8:08:43 PM
Subject: Re: [Dixonary] Re: OT: Toni's Email Scammed?

Toni Savage wrote:


yes, the Yahoo*address book is on Yahoo servers.* When you log in and*go to
write an email, it looks up the addresses there.

>
Seems to me it would be better to have your address book in a program in* your
own computer, yes? (Mine's in Thunderbird.) Or am I leaping to an unjustified
assumption?

--Dodi

<< Gmail (Google mail) also has its own address book, but you
<< can set up
<< your gmail account so that it can be accessed by Tbird, etc.
<< and hence
<< use the address book on your own machine.

That's what I do with a program called !ntellect by Chaos Software. However, gmail has quite a spam filter, and I have had to add a number of addresses to my gmail address book so that they don't end up in the spam folder. So I guess those addresses may be at risk, although most are business, as opposed to personal, email addresses. <G>

Judy

I use one outright safety measure - it wouldn't suit everyone but works fine
for me. I only ever read emails as text. Then I can see exactly what I am
doing. (and I use OUTLOOK for 7 of my email adrreses)

Yes, one gets lots of blue 'hyperlinks' in among the text. But that is good
safety when one reads an email that - as an example - tells me that your IRS
owes me money, (somewhat unlikely for a UK resident!!) but what I also see
is that almost all the links are to the IRS site - so if it were displayed
as a web page it would look very real. However the 'click here' link is to a
website ending .ru -- rather unlikely that a genuine IRS site would need to
use a Russian web address! Similarly the paypal scams use all the imagery
from paypal but the logon link is to a site somewhere totally other.

I admit that I sometimes do choose to view as web but firstly without
pictures and these are downloaded only if I am sure they are safe

As an aside the fact that I wrote this will tell you something about me and
the distractions that I need <grin> I am not currently playing because I
have other things on my mind. My wife and I are in the USA supporting our
son and his wife. Our newly born grandson is in a NICU unit and sadly it is
most likely he will not survive for much longer.

John

> -----Original Message-----
> From: dixonary (AT) googlegroups (DOT) com
> [mailto:dixonary (AT) googlegroups (DOT) com] On Behalf Of Toni Savage
> Sent: Friday, July 23, 2010 12:42 PM
> To: dixonary (AT) googlegroups (DOT) com
> Subject: Re: [Dixonary] Re: OT: Toni's Email Scammed?
>
> There are advantages and disadvantages to various setups... I
> just retired, and I'm still trying to figure out what's best for me.
>
> I'm getting appointments that (I think) only work in Outlook,
> so that might be good for me, except that it's VERY prone to
> viruses of various sorts...
>
> Once my sister is out of the rehab facility and my
> brother-in-law is out of chemo, I will focus on that.
>
> -- Toni Savage
>
>
> ________________________________
>
> From: Dodi Schultz <DodiSchultz (AT) nasw (DOT) org>
> To: dixonary (AT) googlegroups (DOT) com
> Sent: Thu, July 22, 2010 8:08:43 PM
> Subject: Re: [Dixonary] Re: OT: Toni's Email Scammed?
>
> Toni Savage wrote:
>
>
>
> yes, the Yahoo address book is on Yahoo servers. When
> you log in and go to write an email, it looks up the addresses there.
>
>
>
> Seems to me it would be better to have your address book in a
> program in your own computer, yes? (Mine's in Thunderbird.)
> Or am I leaping to an unjustified assumption?
>
> --Dodi
>
>
>
>

JohnnyB wrote:

> I am not currently playing because I
> have other things on my mind. My wife and I are in the USA supporting our
> son and his wife. Our newly born grandson is in a NICU unit and sadly it is
> most likely he will not survive for much longer.

Oh, John, how awful. Hoping that, by some miracle, the expected worst
will not come to pass.

--Dodi

John,

I am so sorry to hear about your family. My daughter is a NICU nurse in New
Brunswick, NJ and I can relate a little bit to what you're going through.
You and your family are in our thoughts and prayers.

Chris


--------------------------------------------------
From: "Dodi Schultz" <DodiSchultz (AT) nasw (DOT) org>
Sent: Friday, July 23, 2010 2:12 PM
To: <dixonary (AT) googlegroups (DOT) com>
Subject: Re: [Dixonary] Re: OT: Toni's Email Scammed?

> JohnnyB wrote:
>
>> I am not currently playing because I
>> have other things on my mind. My wife and I are in the USA supporting our
>> son and his wife. Our newly born grandson is in a NICU unit and sadly it
>> is
>> most likely he will not survive for much longer.
>
> Oh, John, how awful. Hoping that, by some miracle, the expected worst will
> not come to pass.
>
> --Dodi
>
>
>

<< My wife and I are in the USA
<< supporting our
<< son and his wife. Our newly born grandson is in a NICU unit
<< and sadly it is
<< most likely he will not survive for much longer.

I am so sorry to hear this new, John. Life sometimes seems so unfair. Please know that others are keeping you and your family in their thoughts and prayers.

Judy

<< My wife and I are in the USA
<< supporting our
<< son and his wife. Our newly born grandson is in a NICU unit
<< and sadly it is
<< most likely he will not survive for much longer.

I am so sorry to hear this new, John. Life sometimes seems so unfair. Please know that others are keeping you and your family in their thoughts and prayers.

Judy

> My wife and I are in the USA supporting our
> son and his wife. Our newly born grandson is in a NICU unit and sadly it is
> most likely he will not survive for much longer.

So sorry to hear this, Johnny. We're thinking of you and your family.

Susan heard this morning that her sister died last night, after a very quick decline from spinal
cancer. We'll be flying across to Houston on Sunday to be with her family; she was only 70.

Best wishes,
Tim B.

<< Susan heard this morning that her sister died last night, after a
<< very quick decline from spinal
<< cancer. We'll be flying across to Houston on Sunday to be with
<< her family; she was only 70.

I'm very sorry for your family's loss. Today seems like a day for bad news. <sigh>

Judy

Johnny

My thoughts are with you.

-- Tim L

Johnny,

Please add me to the list of those thinking of you and yours.

Scott

Our thoughts and prayers are surely with you.

Dave (near Daytona)

A member of an organisation my husband Sam's on the board of decided, illegally as he was not the secretary, that all the board communication would be done by him setting up a Yahoo group and enrolling all the board members (I handle all Sam's email) without their knowledge or permission. I immediately started getting tons of spam and phishing messages. When I started checking out Yahoo groups I discovered hundreds devoted to hacking, and dozens devoted to hacking Yahoo groups. Yahoo also can collect information any time you visit a site that has any association with Yahoo, including (can I be remembering this right?) ads posted by a Yahoo entity, if you are a Yahoo member. AND it's very hard to get out of Yahoo AND they hang onto the information-collecting for I think three months after you "quit" -- which seems to mean only that you then can't get into a group or site (like Flickr) that requires a Yahoo identity.

I'm also pretty sure, from the timing, that the one Yahoo store I use, Evergreen YH seeds, is the reason that my Amazon Visa was suddenly shut down, between the supermarket and Trader Joe's, because "um... er... one of... uh... one of our merchants' security was compromised." I suppose there are Yahoo groups devoted to hacking Yahoo stores, too.

m

A member of an organisation my husband Sam's on the board of decided, illegally as he was not the secretary, that all the board communication would be done by him setting up a Yahoo group and enrolling all the board members (I handle all Sam's email) without their knowledge or permission. I immediately started getting tons of spam and phishing messages. When I started checking out Yahoo groups I discovered hundreds devoted to hacking, and dozens devoted to hacking Yahoo groups. Yahoo also can collect information any time you visit a site that has any association with Yahoo, including (can I be remembering this right?) ads posted by a Yahoo entity, if you are a Yahoo member. AND it's very hard to get out of Yahoo AND they hang onto the information-collecting for I think three months after you "quit" -- which seems to mean only that you then can't get into a group or site (like Flickr) that requires a Yahoo identity.

I'm also pretty sure, from the timing, that the one Yahoo store I use, Evergreen YH seeds, is the reason that my Amazon Visa was suddenly shut down, between the supermarket and Trader Joe's, because "um... er... one of... uh... one of our merchants' security was compromised." I suppose there are Yahoo groups devoted to hacking Yahoo stores, too.

mI noticed in Yahoo Messenger that it would show the Yahoo ID's of any 'contacts' with whom my own Yahoo Messenger contacts had newly established as 'contacts' of their own, by default. It's called 'updates'. I had to go into my Yahoo profile and manually disable the sharing of my 'updates'. Yahoo 'updates' also automatically would 'update' my (or whoever's) contacts about various OTHER activities of myself on Yahoo , etc.

So I had to 'go into' my Yahoo profile , first making my Yahoo 'profile' temporarily visible and manually DISABLE sharing of my 'updates'. And then of course immediately go back and make my Yahoo profile invisible.

I don't know how new this 'feature' is. I'm pretty sure that it was not there a couple years ago. I think such 'updates' could also be automatically shared with Facebook (etc.?).

I don't think Yahoo privacy is as bad as Facebook, but it does take some time to go into wherever and make sure as many things as possible are disabled.

This tutorial may help a little bit.
Yahoo! Messenger > Help > Tutorials > Protecting Your Privacy
Protecting Your Privacy
Overview Making Yourself Invisible Changing Your Stealth Setting Ignoring a Contact Showing or Hiding Updates
Showing or Hiding Your Yahoo! Updates

Yahoo! Updates is a service that lets you keep in touch with friends and share your interests in the world of Yahoo!. Your friends can learn when you’ve voted on a news item, changed your avatar, and more. Just as you can view your friends’ Updates, they can view yours through their Yahoo! Messenger client (if they’re using Messenger 9). You can control the Updates your friends see.

http://help.yahoo.com/tutorials/ms9/mess/im_priv5.html

I'm guessing that logging out of Yahoo mail as soon as you've finished accessing Yahoo mail may help increase privacy significantly.

I would hope also that using the T-Bird extension for Yahoo web mail would also automatically log out of Yahoo after either downloading or sending, but I have not tested this.

I expect that the 'traditional' webmail providers such as Yahoo and AOL have tried to turn their services into social networking sites as much as possible to compete with Facebook and Twitter, etc.

I have used my Yahoo email accounts long enough so far, that I will probably not abandon them. However, this type of phenomenon of invasion of privacy has at least led me to consider someday possibly switching over to AOL / AIM email for my web mail because of the fact that AOL mail also offers free POP3 / IMAP mail as opposed to Yahoo POP3 which is 'pay for'.

I also use the My Yahoo web based RSS news reader. But now I am somewhat considering using more of the RSS news reader features of T-bird or FF since I don't necessarily want Yahoo to know that I participate in such subversive forums as TAPCIS :rolleyes:

Re: Yahoo Groups:

<< I immediately started getting tons of spam and
<< phishing
<< messages.

I am on many Yahoo! Groups, but I don't use my Yahoo! email address for any of them. So, yes, I get a ton of spam at my Yahoo! address...but it doesn't really matter because I know it's all spam. Every so often I take a look at that account and say to myself, "I'm sure glad I don't use this mailbox!!"

I have several gmail addresses, and although I do receive spam, gmail does quite a good job identifying it. Since I use a third-party email program, I do check my spam daily on gmail (it never reaches me) to be sure "good" messages didn't get caught in the spam filter.

Computer "stuff" -- a real love-hate relationship. <sigh>

Judy

It's fascinating the different experiences people have... I find Yahoo's spam
filter much better than Gmail's.* Maybe it depends on where you use the
addresses?
*-- Toni Savage



----- Original Message ----
From: Judy Madnick <jmadnick (AT) gmail (DOT) com>
To: dixonary (AT) googlegroups (DOT) com
Sent: Sun, July 25, 2010 9:28:04 AM
Subject: Re: [Dixonary] OT: Toni's Email Scammed?

Re: Yahoo Groups:

* * * * * * * * << I immediately started getting tons of spam and
* * * * * * * * << phishing
* * * * * * * * << messages.

I am on many Yahoo! Groups, but I don't use my Yahoo! email address for any of
them. So, yes, I get a ton of spam at my Yahoo! address...but it doesn't really
matter because I know it's all spam. Every so often I take a look at that
account and say to myself, "I'm sure glad I don't use this mailbox!!"

I have several gmail addresses, and although I do receive spam, gmail does quite
a good job identifying it. Since I use a third-party email program, I do check
my spam daily on gmail (it never reaches me) to be sure "good" messages didn't
get caught in the spam filter.


Computer "stuff" -- a real love-hate relationship. <sigh>

Judy

I decided some time ago to get rid of my Yahoo accounts, mainly because
it was so slow to operate due to the ads. Then they added the social
networking stuff, implementing it without asking me, making someone I do
not know my "friend", or whatever they call it, allowing her to know my
Email address, and not giving me a way to delete all of that. I did what
I could to disable it, and I decided maybe I'd accelerate my deletion of
my accounts.

Guerri

davidh wrote:
> ...
> I have used my Yahoo email accounts long enough so far, that I will
> probably not abandon them. However, this type of phenomenon of invasion
> of privacy has at least led me to consider someday possibly switching
> over to AOL / AIM email for my web mail because of the fact that AOL
> mail also offers free POP3 / IMAP mail as opposed to Yahoo POP3 which is
> 'pay for'....

It is possible, and I've seen lots like that,*but that is not what happened to
me.* I can see in my "sent email" folder that the emails definitely came from
someone signed into my account.*


In fact, I was able to send individual apologies to everyone who got spammed by
just using "reply all" and cutting and pasting from the TO into the BCC.

-- Toni
*



----- Original Message ----
From: Guerri Stevens <guerri (AT) tapcis (DOT) com>
To: dixonary (AT) googlegroups (DOT) com
Sent: Thu, July 22, 2010 7:01:14 AM
Subject: Re: [Dixonary] Re: OT: Toni's Email Scammed?

I have heard that it is possible somehow to send an Email and make it appear
that it is from someone else's Email address. Is there something we and/or Toni
should do about this?

You were not on the list of the message I got, but Mike was and there were some
familiar-looking names that seemed not quite right, but I was not familiar with
their email addresses. Like eschindl for instance which might be Esther.

Guerri

Tim Lodge wrote:
> Guerri
>
> Yes, I got one too.* You weren't on the list of addressees on mine, so
> there must have been more than one message (unless you were sent a
> blind copy).* It seemed to come from Yahoo, so I suspected that the
> spammer might have collected addresses from the old Coryphaeus group
> on Yahoo.* However, mine was sent to an address that I only use in
> this Google group.
>
> --* Tim L
>
> On Jul 22, 10:07 am, Guerri Stevens <gue... (AT) tapcis (DOT) com> wrote:
>> I think someone has managed to get into Toni's Email and send a spam
>> message to this group and also to at least some of us individually.
>>
>> --
>> Guerri
>