The Yahoo! Mail team and I have used this blog many times to keep you informed about how you can stay safe and protect your personal information on the Internet and in Yahoo! Mail. We’ve posted on the best ways to recognize and avoid phishing scams and how to avoid falling victim to lottery attacks. We also use several measures to help you protect your account information including secure login pages, the ability to set up a sign-in seal, and scanning attachments for viruses.
There is another threat that exists called the ‘cookie replay’ attack, where attackers gain access to your account using public WiFi networks. It is an industry wide issue that can affect any Web site including Yahoo! Mail. While this threat does exist, I have not heard of any of our users complaining about being a victim.
I try to be as safe as I can when online. Here are some things you should do to help protect you against this type of exploit:
- Always be cautious when accessing your email account when using public WiFi networks. Consider accessing your account only on secure networks.
- If you need to use public WiFi networks to access your email, use a POP email client to access your mail via SSL. Yahoo! Mail UK users have the ability to send and receive mail via email clients like Microsoft Outlook, Mozilla Thunderbird and others (our friends on the other side of the ‘pond’ will need to sign up for Mail Plus). Make sure to set up your client with SSL security for the best account security.
- Sign up to a personal VPN service (or, if they offer it, use your work’s VPN)
We feel strongly about offering you protections to safeguard your account. We are committed to developing solutions to tackle this industry wide security issue. And we hope to have a solution in sometime in 2010.
I will to keep you up-to-date on the progress of that solution. Until then, be smart when accessing your account via public WiFi networks. If you must access your email on a public WiFi network, try to use POP via SSL or a personal VPN client.
More general information on security can be found at http://security.yahoo.com, and for security tips for mail visit http://uk.antispam.yahoo.com/. As always, please feel free to contact our Customer Care team.