Keeping you safe while you’re online is a top priority for us here at Yahoo!. One important part of your online safety is making sure that nobody else can access your Yahoo! Mail account without your permission, and the best way to do that is to make sure you choose a good password and make sure nobody else knows it or can easily guess it.

I know it can feel like a pain typing out a more detailed password, but none of us want to make it any easier for the bad guys.

My top advice is to be mindful of any Web page that requests your Yahoo! password. The #1 way people get their passwords stolen is by typing them into lookalike “phishing” web sites, pages that pretend to be Yahoo! or another trusted Web site but actually are run by the bad guys. Scrutinize carefully any page that requests your Yahoo! password. In addition:

• Make sure the Web page address doesn’t have any misspellings or extra words (e.g. http://www.yah000.com, http://www.yahoo-members.com, or http://www.yahoo.BadGuyEnterprises.com) in it. When it doubt, go straight to http://www.yahoo.com and log in from there.
• Be vigilant about anything that doesn’t look right on the page, such as typos, outdated content, or broken or missing pictures.
• Best idea: be sure to set up a customized “Sign-In seal” picture — instructions are at https://protect.login.yahoo.com/ — and never enter your password unless you see that picture on the page.

Here are a few more tips to help keep you safe online:

• Don’t use the same password on multiple sites. Your Yahoo! Mail account is important to you, so it deserves its own password. That way, if the unthinkable happens on another site, at least your Yahoo! mailbox remains secure.
• Never send your password over email. Yahoo! will never request your password from you in an e-mail; if you ever receive such a request, you should treat it as fraud. Do not pass “Go!” Instead immediately click the “Spam” button on that message.
• Protect yourself with a virus scanner. Another way passwords get stolen is from a virus that records your keystrokes. Don’t give the bad guys that option: There are a number of anti-virus companies that offer free versions or trial offers, including (in no particular order and with no specific endorsement implied) http://security.symantec.com , http://usa.kaspersky.com/downloads/free-virus-scanner.php, http://us.mcafee.com/root/downloads.asp?id=freeTrials, and http://www.avast.com/eng/avast_4_home.html.

Unfortunately there is no silver bullet against these criminals and con-men, but hopefully these tips will help us all keep the bad guys at bay.

Read more »

You may have heard or read about email accounts and their passwords being posted online. While I’ve read different versions of how the person(s) responsible was able to get the email account information, it was not a result of any insecurity at Yahoo! It looks to be a result of phishing attacks. Should you feel that one of your email accounts was affected by the recent publication, whether it is a Yahoo!, Hotmail or Gmail account, I would suggest changing your password as well as other account security information like secret questions and alternate email addresses.

We are aware that a limited number of Yahoo! IDs have been made public, it’s uncertain if any of those email/password combinations have resulted in any accounts being compromised. Online scams and phishing attacks are an ongoing and industry-wide issue and Yahoo! takes great effort to protect our users’ security.

We also have the following online resources that provide information and guidelines on email safety:
Our anti-spam site: http://antispam.yahoo.com/
With a phishing prevention sub-section: http://antispam.yahoo.com/phishing
Our help pages: http://help.yahoo.com/l/us/yahoo/mail/yahoomail/abuse/
And of course, I’ve posted a number of articles about online safety to this blog: Spotting phishing emails, how to spot online scams, avoiding the lottery scams, and account recovery help

Here are a couple FAQs that provide additional information:
Have accounts been compromised because of this?
We are unable to confirm whether accounts have been compromised at this time. However, we strongly suggest that consumers take caution in securing their email and other online accounts by regularly changing their passwords, and updating account security information.

What do I do if I think my account has been compromised?
You should change your password immediately. Also, if you are unable to enter your account, you can take steps to recover it here: https://edit.yahoo.com/forgotroot

We take online security seriously at Yahoo! We strive to make you and your Yahoo! account as safe as possible. Of course if you have any questions or issues with your account, please contact our Customer Care team.

Read more »

There are few things more frustrating than losing access to your email – whether because you forgot your password or, worse, someone else guessed it – which is why we want to ensure that if it happens to you, the recovery process is as smooth and painless as possible. On that note, beginning this week, we’re rolling out some changes that will both improve recovery rates and make the overall Yahoo! experience even more reliable.

Here’s how it works: To help prove you are who you say you are if you ever lose access to your account, Yahoo! will now give you the option to provide additional account information such as an alternate email address and new secret questions. For US users, we will also incorporate the option to include your mobile phone number. We’ll store this information securely in your record so that if you ever lose access to your account, this data can be used to expedite the recovery process.

We’re doing this to help eliminate the headaches caused when people forget their registration details – you’d be surprised how many people can’t recall the basic information they provided when they signed up for their Yahoo! ID. In addition, with the advent of social networking and public profiles, details like your zip code or birthday may be publicly available, and we want to better protect your online experience by making sure you’re the only one who can accurately answer our account recovery challenges.

Beginning this week, after successfully logging into Yahoo! Mail, select users will be automatically redirected to a page where they will be asked to update their account with this new information. Users who wish to update their account information proactively can do so by visiting https://edit.yahoo.com/commchannel/manage. Also from now on, anyone who successfully recovers a lost or compromised account will be asked to update their information to this new standard at the end of the recovery process.

We take privacy very seriously at Yahoo!, and this is part of our overall commitment to providing a safe, easy to use, and reliable online experience. For more tips, be sure to check out our guidelines for spotting online scams and top tips for protecting your Yahoo! Mail account. You can also head over to antispam.yahoo.com for additional information on protecting yourself online.

Read more »

This month in the UK, the Office of Fair Trade is promoting their annual Scams Awareness Month. In support of their efforts, I’ve posted some scam avoidance tips on the UK Mail Blog. Since they apply just as much across the pond as they do State-side, I wanted to share them with you too. The first step in helping you to stay scam-free is to recognize the types of scams that are out there. Here are the three most common types that come in email form (which I’m sure some of you have seen before):

1. Phishing scams – These are email scams that claim to be from an organization, like a bank, and they ask you click on a link which takes you to a Website that looks real but is, in fact, fake. When you log in with your account details and password on this fake site, the bad guys gain access to your private information.
2. Lottery Scams – These are emails that tell you have won a local or foreign lottery and to get the money you have to pay processing fees and send personal details.
3. Advance fee or fund transfer schemes – These are also called Nigerian ‘419’ scams where you receive an email, often times from someone claiming to be in Africa or Asia, and claiming that they have access to huge sums of cash but need your help getting it out of the country. In this scam, the criminal offers to send you a check for $100,000 and you send him back a personal check for $90,000 and keep the difference. The scam is, of course, that the initial check is bogus but may take several weeks to clear, by which point the criminal is long gone with your money.

You know what? Your bank will NEVER ask you for a password in an email, you have NOT won the lottery and all you end up with for those huge sums is a ZERO balance in your bank account. I’ve been collaborating with our Spam Czar, Mark, and we’ve come up with these tips to help you avoid the scammers:

1. If it sounds too good to be true, it probably is – If someone stopped you on the street and said he needed your help smuggling millions of dollars out of the country, you’d be pretty suspicious. We recommend the same type of skepticism when you’re online. If you didn’t enter that Sweepstakes or Lottery, there’s no way that you won. Be extra suspicious if someone offers to send you money up front — as honest as I’m sure you are, that wealthy prince who offers to buy your iPod for 10 times its value isn’t as gullible as he seems.
2. Check the FROM line – One big giveaway is when a seemingly official message originates from a generic e-mail address. If your bank has something to say to you, it won’t come from “security_services_293@freemail.com,” and when the IRS discovers a tax error in your favor, they won’t write to you from a personal account like “charlotte.magnolia@internetonline.gr” Check the return address and make sure it looks legit (including looking for spelling errors!)
3. Beware if someone requests personal information or any payment over e-mail – Yahoo! and other respected Internet companies will never request your username or password over e-mail, and neither will your bank, credit card company, or insurance agency. If a message is asking you to e-mail your sensitive information, that’s an immediate red flag. Likewise, legitimate companies will not request money up front for you to claim a prize you’ve won.

For good measure I’m including some of the choicest scam emails we’ve seen in the recent past. By arming with yourselves with the knowledge of what scams are out there and how to avoid them, you’ll be much safer online. As always, if you do see one of these scams, please do your part and click the “Spam” button inside Yahoo! Mail – it’s the single strongest way to let us know so that we can block these terrible messages.

Read more »

I think, by now, you are all familiar with Mark, our resident anti-spam czar. If not, Mark has graced this blog a number of times before. Most recently he conducted an anti-spam workshop in addition to letting us know how we’re cracking down Lottery scams on our corporate Yodel blog. Today, he’s back with more great news on how he and his team are working to keep you safer for 2009. So without further ado, here’s Mark….

——————————————

At Yahoo!, we take spam seriously. And as I’ve told you before, we’ve got some of the smartest computer scientists in the world working to ensure Yahoo! Mail users receive all the mail they want…and none that they don’t. It’s a huge challenge and the bad guys are always out there trying to make a buck with their scams, but we’re committed to helping keep you safer online.

One way we’re turning up the heat on the spammers is by utilizing even more state-of-the-art technology. Recently, Yahoo!’s anti-spam team has been using a “supercomputer” consisting of thousands of individual PCs — part of our open source Hadoop project — to help detect spammers. We’re teamed up with several top universities on this research, looking for more ways to find and block the bad guys even faster, before they can do their damage.

We’re also out there working with partners big and small to help reduce spam across the Internet. We’ve seen some promising early results from one such company, a startup named Abaca, and our hopes are high that together we can block even more of these messages by looking at spammers’ behavior in addition to the contents of their spammy messages.

Closely related to all of this is that we need to ensure the right messages still get through, that we don’t throw out the proverbial baby with the bathwater. With the help of our friends at Return Path, we’re relaunching our Complaint Feedback Loop for commercial e-mail companies. With the CFL, legitimate companies receive notification when users mark a message as “spam,” and those companies can then use that feedback to help them fix the problems on their end. For example, a company may have used a confusing subject line, or accidentally sent to the wrong mailing list; with the CFL, we can get that information to them so they can quickly correct the problem.

As always, I’ll close with a reminder that, if Yahoo! Mail does let something slip through into the wrong folder — either allowing spam into your inbox or mistakenly putting a good message in your Spam folder — please use the “Spam” and “Not Spam” buttons to let us know. Clicking those buttons sends an immediate and powerful signal to our systems (and to me :) so that we can quickly try to correct the problem. It’s the best way for us to get better, and to continue keeping your e-mail experience great!

Mark Risher,
Anti-Spam Czar

Read more »

As you may have heard, we’ve been working on a new smarter inbox to help make your life easier. We’re happy to announce that today, some of you will begin to experience the smarter inbox, and we wanted to give everyone a chance to see what it looks like and what it can do.

The smarter inbox experience features a new Yahoo! Mail Welcome Page which surfaces messages, information and activity updates you care about most, as well as an updated inbox and folder view that filters messages from your personal connections.

The smarter Yahoo! Mail inbox also gives you immediate access to relevant third-party applications like Flickr, Flixster and Xoopit allowing you to do much more, and be more efficient, all from within your inbox. Take a look now and let us know what you think!

- Yahoo! Mail Team

Update: We are conducting a very limited beta test right now of the open applications in Yahoo! Mail. Only our power users, who were invited into the limited beta, can test out the new applications at beta.mail.yahoo.com. We will be extending this beta test to additional users over the coming months.

Read more »

Despite my earlier efforts to share these visionary suggestions with screenshots, it seems that people continue to rely heavily on search engines to get to their Yahoo! Mail account. Now if you simply like that process, more power to you. But if you would like something with fewer steps, do I have the video for you. Please excuse the stuffiness of the voice over. Not only was my voice born for print media, I was fighting off some seasonal allergies.

Read more »

If he keeps this up I may just have to find a way to give Mark his own byline, but in case you missed the Yodel post, our resident anti-spam czar Mark (the same one who held the recent workshop) had a few words to share about the ever increasing “lottery” scams.  Check it out!

Coalition crackdown on lottery spammers

What generally increases when the overall economy declines? That’s right – crime. And these days, when you receive an email that proclaims that you’ve won the “Yahoo! Lottery,” the financially-pressured optimist in you might be more inclined to bite the bait.

Last May, we filed a lawsuit against “Yahoo! Lottery” spammers who use our brand to trick unsuspecting users into handing over personal data to claim a prize. And we’re making progress on catching these scammers, but we’re concerned that they may step up efforts to dupe people impacted by these tough times.

Today we announced a public-private coalition with Microsoft, the African Development Bank, and Western Union to allow victims of lottery scams to upload police reports we can use with the goal of tracking down these devious criminals and developing better ways of protecting people online. INTERPOL has gotten involved to inform international law enforcement agencies about the initiative and provide guidance on critical information to collect to identify trends and common patterns.

Here’s how it works. Yahoo! and the other coalition members have set up dedicated email addresses and Web sites (ours is http://antispam.yahoo.com/phishingtips) where lottery scam victims — those who took the bait and handed over personal information — can share details of the police report they have filed. These reports may be helpful to other coalition members and law enforcement in fighting lottery scammers.

For readers who spot a scam but don’t fall for it, we have tips for you, too. First off, don’t ever reply to the message, even as a joke. You don’t want to be encouraging these guys. Instead, click the “Spam” button, which helps us and our anti-spam systems block these types of messages and kick these criminals off the Internet. We also have a form you can use to report lottery scams and other kinds of abuse originating from Yahoo! users.

As we’ve said before, no one ever wins the Yahoo! Lottery. And that’s simply because there is no Yahoo! Lottery. We’re on a mission to protect you from these online predators, but in addition to what we’re doing on our end, you can also find some tips on how you can protect yourself on our anti-spam resource site.

Mark
Anti-Spam Czar, Yahoo! Mail

Read more »

We want to make sure we give users info about steps they can take to enhance the security of their account.  So our VP of Mail, John Kremer, has put together a message (courtesy of the Yodel blog) that highlights many of the things people can do to protect themselves online.

—————————

Mail security tips

There are nearly 275 million Yahoo! Mail account holders worldwide.

Since one Yahoo! Mail address is in the news today, I thought this might be a good time to remind everyone about some online safety tips that will help protect your account. (In order to protect the privacy of our users, we can’t get into specific details of any of our users’ accounts — we know you’d want us to do the same for you!).

• Choose a strong password. It’s like a toothbrush – choose a good one and don’t share it. Your Yahoo! Mail password can be any length and can contain spaces, symbols, or numbers –- letting you come up with something that’s easy for you to remember but impossible for someone else to figure out.
• Avoid using a complete word from a dictionary (English or otherwise) or a name.
• Use at least 7 characters. The more the better. A long but simple password can be safer than a shorter complex one.
• Use a combination of capital and lowercase letters, numbers, and standard symbols (! @ # $ % ^ &, etc.).
• Don’t use personal information that someone could easily figure out. Avoid a password based on information easily obtained about your (a birthday, your child’s name, your phone number, school name, etc.). Don’t use a password you already use for another account, like your bank account PIN. And don’t’ use your Yahoo! ID (or other username) in any form (reversed, capitalized, doubled, etc.).
• Avoid the obvious. Attackers tend to first try repeating letters or number sequences (123456). Stay away from “test” or “password.” And when you change your password, which you should do relatively often, don’t just add a number to the end.
• Create a sign-in seal. Yahoo! and many financial institutions let you personalize your sign-in page to help you make absolutely sure you’re not falling victim to a phishing scam. See a photo of your cat Rupert? You know it’s safe to proceed.

Cybercrime is an industry-wide issue and we’ve been working with the industry in combating it (with innovations like Domain Keys). Rest assured that we take security and privacy very seriously here.

You are the first line of defense. Head over to antispam.yahoo.com and security.yahoo.com for more tips to help you protect your account, your privacy, and your identity.

John Kremer
Vice President, Yahoo! Mail

Read more »

I was chatting with a buddy from Customer Experience the other day (everybody say hi to Carl. He is not only tasked with finding ways to make your Customer Care experience more pleasant, but he also reads this blog from time to time), and I learned about some of the common questions agents are getting.

Now it’s not all that noteworthy that there are common questions, but what people may not know is that when we identify these common questions we try to update the Help Center.  This means if you didn’t find the answer to a question before, that doesn’t mean that it won’t be there in the future.  It’s kind of organic that way.

Anyway, one of the more recent additions to the Tutorials area just so happens to address not one, but TWO of the common questions he was telling me about.  This tutorial offers a thorough run through of the different ways you can customize the All-New Yahoo! Mail.

Included in the Customizing Yahoo! Mail tutorial are step by step instructions for changing the content on your Home tab, changing the color of the interface, and more.  But the one that caught my eye was changing your personal information.  It turns out that two very common questions are about changing your password and changing your password and changing your name.  It also turns out that we have a great tutorial with step by step instructions.

Just below your Yahoo! ID, and above your Home tab, are links for Sign Out, My Account, and Mail Classic (for switching back to Classic).

Clicking My Account takes you to the Yahoo! Account information page, which covers your info across all of the Yahoo! Network.  Keep in mind that the password update, accessed by the Change Password link near the top of the page, is a system wide change, meaning you will now be using that password for all things Yahoo!

Another common question people have involves changing your name.  Whether it’s because of marriage, because of divorce, because you resent your parents, or just messed up during registration, people keep wanting to update that name.

Well you can also update your name from the same page, but we’ve found that in some cases people just want to update their name within Mail.  Maybe you want your full name on your Yahoo! account, but want a nickname or short name within Mail.  Well on the same page you’ll find a tutorial with steps to update your Mail name on an account by account basis.

There you have it.  Changing account information is easy if you know where to look for the directions.

BTW … our Tutorials team is always looking to make them better, so after checking them out please be sure to answer the “Was this helpful?” and provide any feedback you can!

Read more »