Here is an example of a phishing email that I received recently:

We definitely did not send this email. This one, and others like it, all pretty much follow the same formula:

• They are sent from a strange email address (but sometimes masked to look genuine)
• They usually use a scare tactic
• They want you to reply with your account information
• They have bad grammatical errors and use crazy fonts and lots of logos.

The most important thing to know is we will never ask you for your password! Here are some other tips to protect you from phishing threats: Never click on links in emails that ask you to provide account information, go directly to the website and login from there, don’t believe every warning you read in an email. And finally, there is no Yahoo Lottery.

To coin a phrase from my all-time favorite daytime cartoon series G.I. Joe – “Now you know, and knowing is half the battle.”

So how do we do it?  Our anti-spam efforts use a multi-faceted approach to protect your inbox including the use of enhanced technologies, industry collaboration, public policy efforts, and consumer awareness campaigns. Here’s a look at some of the latest advancements from the front lines of fighting spam:

Analytical analysis – Because spammers adjust their messages in subtle ways to evade detection, we’re using Hadoop, a supercomputer consisting of thousands of individual PCs, to look at hundreds of different elements in each message.  For example, Hadoop doesn’t just look for the word “viagra” or “v1agra” or “v.i.a.g.r.a.” to show up in the subject line, it also looks for extremely subtle signals like how many words are in the message, what time of day the message was sent, how different this message is from the last one we saw from that same sender, and so on.

The hunt is on – We welcome opportunities within both private and public sectors to eliminate spam and educate its users about phishing. For example, in 2008 we saw an increase in messages telling our users that they had “won” the Yahoo! Lottery.  Sadly, no such lottery has ever existed!  Yahoo! has formed a public-private coalition with Microsoft, the African Development Bank, and Western Union to allow victims of lottery scams to upload police reports that are used to track down these criminals and develop better ways of protecting people online, and filed a lawsuit directly targeting these criminal con-men.

Self defense – The old adage is true: an ounce of prevention is worth a pound of cure.  Through ongoing consumer education and awareness, we are able to provide you with tips and strategies to identify spam, phishing and other online scams.  Speaking of, the holiday season and “Cyber Monday”—one of the busiest e-commerce days of the year—are right around the corner.  According to the Identity Theft Resource Center, Internet fraud surges around this time because more of us are shopping online. Be careful of those deals that sound too good to be true, because they almost always are.  For more advice, be sure to check out our top tips for staying safe online and spotting online scams.  Also, check out the sidebar below for specific tips for Cyber Monday.  With a sharp eye and a little education, you can better protect your wallet and your identity this holiday season!

With Yahoo! Mail touching over 50 percent of U.S. email users, your protection online and the prevention of spam are issues that are always top of mind.  Whether it be phishing scams, lottery scams, fund transfer scams or other crimes, rest assured that we are behind the scene working diligently to protect you and your inbox. 

Happy holidays from me and my team as we protect you from spam, one message at a time.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Tips for a Safe and Productive Cyber Monday!
As I mentioned earlier, Cyber Monday is almost here.  So be sure to use the following tips when you’re receiving emails from vendors on deals and bargains or shopping online at Yahoo! Shopping or any other online shopping store for that perfect gift this holiday season:

Stay updated: Make sure your anti-virus software, internet browser, and operating system are all up-to-date, to protect your computer against viruses and fraudulent websites.

Know whom you’re buying from: Make sure you understand something about the company you are making a purchase from, and be familiar with their practices and policies. While there are many perfectly-reputable online merchants, there are also scammers out there, so be wary of deals that seem too good to be true. Check out their return policies, shipping procedures, and packaging timeframe. Be comfortable with the website and confident that you are going to be protected in the event an issue arises.

Keep your password to yourself: Most websites will require a log-in to make a purchase. Create a secure and unique password, with a combination of letters (uppercase and lowercase), numbers and symbols. If you need to, it’s much better to pick strong passwords and write them down in a secure location than to reuse the same, simple password on multiple sites.

Look for the padlock: When you’re entering sensitive data – such as passwords or credit card numbers – you should always look for the locked padlock symbol at the bottom of the screen or in the web address toolbar.  If the lock isn’t there, it means the site is not securing your information and the site should definitely not be trusted (unfortunately, just because the lock is there doesn’t mean the site is legit, but if it’s not there you know something’s up)

Use your better judgment: You know better! If that Cyber Monday deal sounds too good to be true, chances are that it is. The same can be said about e-mail. While our spam filters work hard to weed out the bad from the good, never click on links in unsolicited or untrusted messages; doing so exposes you to the fraud and also encourages spammers to send more spam.

I know it can feel like a pain typing out a more detailed password, but none of us want to make it any easier for the bad guys.

My top advice is to be mindful of any Web page that requests your Yahoo! password. The #1 way people get their passwords stolen is by typing them into lookalike “phishing” web sites, pages that pretend to be Yahoo! or another trusted Web site but actually are run by the bad guys. Scrutinize carefully any page that requests your Yahoo! password. In addition:

• Make sure the Web page address doesn’t have any misspellings or extra words (e.g. http://www.yah000.com, http://www.yahoo-members.com, or http://www.yahoo.BadGuyEnterprises.com) in it. When it doubt, go straight to http://www.yahoo.com and log in from there.
• Be vigilant about anything that doesn’t look right on the page, such as typos, outdated content, or broken or missing pictures.
• Best idea: be sure to set up a customized “Sign-In seal” picture — instructions are at https://protect.login.yahoo.com/ — and never enter your password unless you see that picture on the page.

Here are a few more tips to help keep you safe online:

• Don’t use the same password on multiple sites. Your Yahoo! Mail account is important to you, so it deserves its own password. That way, if the unthinkable happens on another site, at least your Yahoo! mailbox remains secure.
• Never send your password over email. Yahoo! will never request your password from you in an e-mail; if you ever receive such a request, you should treat it as fraud. Do not pass “Go!” Instead immediately click the “Spam” button on that message.
• Protect yourself with a virus scanner. Another way passwords get stolen is from a virus that records your keystrokes. Don’t give the bad guys that option: There are a number of anti-virus companies that offer free versions or trial offers, including (in no particular order and with no specific endorsement implied) http://security.symantec.com , http://usa.kaspersky.com/downloads/free-virus-scanner.php, http://us.mcafee.com/root/downloads.asp?id=freeTrials, and http://www.avast.com/eng/avast_4_home.html.

Unfortunately there is no silver bullet against these criminals and con-men, but hopefully these tips will help us all keep the bad guys at bay.

We are aware that a limited number of Yahoo! IDs have been made public, it’s uncertain if any of those email/password combinations have resulted in any accounts being compromised. Online scams and phishing attacks are an ongoing and industry-wide issue and Yahoo! takes great effort to protect our users’ security.

We also have the following online resources that provide information and guidelines on email safety:
Our anti-spam site: http://antispam.yahoo.com/
With a phishing prevention sub-section: http://antispam.yahoo.com/phishing
Our help pages: http://help.yahoo.com/l/us/yahoo/mail/yahoomail/abuse/
And of course, I’ve posted a number of articles about online safety to this blog: Spotting phishing emails, how to spot online scams, avoiding the lottery scams, and account recovery help

Here are a couple FAQs that provide additional information:
Have accounts been compromised because of this?
We are unable to confirm whether accounts have been compromised at this time. However, we strongly suggest that consumers take caution in securing their email and other online accounts by regularly changing their passwords, and updating account security information.

What do I do if I think my account has been compromised?
You should change your password immediately. Also, if you are unable to enter your account, you can take steps to recover it here: https://edit.yahoo.com/forgotroot

We take online security seriously at Yahoo! We strive to make you and your Yahoo! account as safe as possible. Of course if you have any questions or issues with your account, please contact our Customer Care team.

Well, we’re not magicians on the Mail team but we are rolling out a new feature that lets you filter your Inbox (or any folder) to just show the emails from senders you’ve added to your Address Book – with just the simple click of a button! It is a crazy easy way to let the “good guys” (important emails) win! Let me show you how it works.

Step 1: Go to your Inbox or any folder. Above the list of emails, you’ll see links to View from All, Contacts, or Connections.

Click on Contacts:

Like magic, your Inbox (or any folder) transforms to only show emails from Contacts you’ve currently added to your Address Book! No work required (who says all things good in life have to be difficult)? Now you can easily see just the emails from your friends, family, and favorite interests (I love U2 and added them to my Address Book) right up front, minus the noise and clutter. Of course, you can always create filters if you want even more control.

Please check it out and let us what you think! Thank you very much for continuing to use Yahoo! Mail.

PS: This feature will roll out in the next few weeks to both Classic and the new Yahoo! Mail users who have the Smarter Inbox features enabled. To get these new features, first create a Profile at profiles.yahoo.com and then log back into Yahoo! Mail. Only users in the US and Australia can get it now, but users from many more countries will be eligible soon.

————

Hello everyone! As you may know, the Yahoo! Mail team has been pretty busy lately – adding Apps, strengthening our anti-spam, integrating IM into Classic Mail – and of course we’ve also been listening intently to you! Of course, not all of you have the new social features, but based on feedback from those that do, I’d like to talk about some upcoming changes we’re making.

You: Updates rock! Keep em coming.
Us: You might notice that your “Welcome” page in Yahoo! Mail has a new look and feel. For those using the social features in Yahoo! Mail, we’ve brought updates to the forefront and we now integrate non-Yahoo! sites directly in Updates — places you regularly visit such as YouTube, Blogger, Yelp, Picasa, and more. And there are many more Yahoo! sites now live, including Yahoo! Sport and Flickr. By adding more places to sites from which you can see Updates, we hope to make it easier for you to stay in the loop with the people that matter.

You: News over Connections Suggestions, please
Us: We’ve moved the entire connections module (invites, suggestions) to the right so you can continue to see the news and weather higher on the page.

You: I want to manage my connections inside of Mail
Us: We’re rolling out a brand new Address Book (what we’re now calling Yahoo! Contacts) that integrates contacts and connections (we’ll do a separate blog post on these features). The new Yahoo! Contacts will only be available to social users for now but it will be made available to all Mail users in the coming months. Stay tuned!

You: Holy Batman! I don’t want this thing!
Us: It is your Mail! Some of you just prefer the old welcome page and don’t want connections features. Here’s how to go back.

You: Holy Batman! I really want this thing!
Us: We are adding several new features that make it even easier to communicate and share before rolling it out to more users. Don’t have it yet? To get to the front of the line when we add more users, please create a profile.

Thanks again for all the helpful feedback.  And thank you for continuing to use Yahoo! Mail!

Rick Pal
Sr. Product Manager

For those of you, like me, who have been around long enough to remember all 25 years of it, this video will bring back some pretty good memories. For me it’s hanging out in my friend’s basement waiting the tape drive to load up the Olympic Decathlon game on his TRS-80 and playing Wizardry on my dad’s Apple IIe with that beautiful green screen (it’s still up there in his attic).

1. Phishing scams – These are email scams that claim to be from an organization, like a bank, and they ask you click on a link which takes you to a Website that looks real but is, in fact, fake. When you log in with your account details and password on this fake site, the bad guys gain access to your private information.
2. Lottery Scams – These are emails that tell you have won a local or foreign lottery and to get the money you have to pay processing fees and send personal details.
3. Advance fee or fund transfer schemes – These are also called Nigerian ‘419’ scams where you receive an email, often times from someone claiming to be in Africa or Asia, and claiming that they have access to huge sums of cash but need your help getting it out of the country. In this scam, the criminal offers to send you a check for $100,000 and you send him back a personal check for $90,000 and keep the difference. The scam is, of course, that the initial check is bogus but may take several weeks to clear, by which point the criminal is long gone with your money.

You know what? Your bank will NEVER ask you for a password in an email, you have NOT won the lottery and all you end up with for those huge sums is a ZERO balance in your bank account. I’ve been collaborating with our Spam Czar, Mark, and we’ve come up with these tips to help you avoid the scammers:

1. If it sounds too good to be true, it probably is – If someone stopped you on the street and said he needed your help smuggling millions of dollars out of the country, you’d be pretty suspicious. We recommend the same type of skepticism when you’re online. If you didn’t enter that Sweepstakes or Lottery, there’s no way that you won. Be extra suspicious if someone offers to send you money up front — as honest as I’m sure you are, that wealthy prince who offers to buy your iPod for 10 times its value isn’t as gullible as he seems.
2. Check the FROM line – One big giveaway is when a seemingly official message originates from a generic e-mail address. If your bank has something to say to you, it won’t come from “security_services_293@freemail.com,” and when the IRS discovers a tax error in your favor, they won’t write to you from a personal account like “charlotte.magnolia@internetonline.gr” Check the return address and make sure it looks legit (including looking for spelling errors!)
3. Beware if someone requests personal information or any payment over e-mail – Yahoo! and other respected Internet companies will never request your username or password over e-mail, and neither will your bank, credit card company, or insurance agency. If a message is asking you to e-mail your sensitive information, that’s an immediate red flag. Likewise, legitimate companies will not request money up front for you to claim a prize you’ve won.

For good measure I’m including some of the choicest scam emails we’ve seen in the recent past. By arming with yourselves with the knowledge of what scams are out there and how to avoid them, you’ll be much safer online. As always, if you do see one of these scams, please do your part and click the “Spam” button inside Yahoo! Mail – it’s the single strongest way to let us know so that we can block these terrible messages.

——————————————

At Yahoo!, we take spam seriously. And as I’ve told you before, we’ve got some of the smartest computer scientists in the world working to ensure Yahoo! Mail users receive all the mail they want…and none that they don’t. It’s a huge challenge and the bad guys are always out there trying to make a buck with their scams, but we’re committed to helping keep you safer online.

One way we’re turning up the heat on the spammers is by utilizing even more state-of-the-art technology. Recently, Yahoo!’s anti-spam team has been using a “supercomputer” consisting of thousands of individual PCs — part of our open source Hadoop project — to help detect spammers. We’re teamed up with several top universities on this research, looking for more ways to find and block the bad guys even faster, before they can do their damage.

We’re also out there working with partners big and small to help reduce spam across the Internet. We’ve seen some promising early results from one such company, a startup named Abaca, and our hopes are high that together we can block even more of these messages by looking at spammers’ behavior in addition to the contents of their spammy messages.

Closely related to all of this is that we need to ensure the right messages still get through, that we don’t throw out the proverbial baby with the bathwater. With the help of our friends at Return Path, we’re relaunching our Complaint Feedback Loop for commercial e-mail companies. With the CFL, legitimate companies receive notification when users mark a message as “spam,” and those companies can then use that feedback to help them fix the problems on their end. For example, a company may have used a confusing subject line, or accidentally sent to the wrong mailing list; with the CFL, we can get that information to them so they can quickly correct the problem.

As always, I’ll close with a reminder that, if Yahoo! Mail does let something slip through into the wrong folder — either allowing spam into your inbox or mistakenly putting a good message in your Spam folder — please use the “Spam” and “Not Spam” buttons to let us know. Clicking those buttons sends an immediate and powerful signal to our systems (and to me :) so that we can quickly try to correct the problem. It’s the best way for us to get better, and to continue keeping your e-mail experience great!

Mark Risher,
Anti-Spam Czar

The smarter inbox experience features a new Yahoo! Mail Welcome Page which surfaces messages, information and activity updates you care about most, as well as an updated inbox and folder view that filters messages from your personal connections.

The smarter Yahoo! Mail inbox also gives you immediate access to relevant third-party applications like Flickr, Flixster and Xoopit allowing you to do much more, and be more efficient, all from within your inbox. Take a look now and let us know what you think!

- Yahoo! Mail Team

Update: We are conducting a very limited beta test right now of the open applications in Yahoo! Mail. Only our power users, who were invited into the limited beta, can test out the new applications at beta.mail.yahoo.com. We will be extending this beta test to additional users over the coming months.

]]> http://www.ymailblog.com/blog/2008/12/take-a-tour-of-yahoo-mails-new-smarter-inbox/feed/ 196