Very strange email...

#21
I have had a email login notice this morning that my Sky Yahoo Mail is now outdated and expired. It tells me to enter my email address to re-validate. If I do not do this within 48 hours it will be permanently deleted. Is this a scam ?.
 
#23

Wordsmith

LE
Book Reviewer
#25
I have had a email login notice this morning that my Sky Yahoo Mail is now outdated and expired. It tells me to enter my email address to re-validate. If I do not do this within 48 hours it will be permanently deleted. Is this a scam ?.
If it provides you with a direct link to the 'Yahoo' site, it will probably be a fake site. You enter your email address and they'll probably then ask you to enter your password as validation. He/she then has access to your Yahoo email account, which they can then search/monitor for any further sensitive information.

Never, ever follow a link in an email, but Google for the pertinent link and follow that - that way you're going to end up at the genuine website.

Wordsmith
 
#26
If it provides you with a direct link to the 'Yahoo' site, it will probably be a fake site. You enter your email address and they'll probably then ask you to enter your password as validation. He/she then has access to your Yahoo email account, which they can then search/monitor for any further sensitive information.

Never, ever follow a link in an email, but Google for the pertinent link and follow that - that way you're going to end up at the genuine website.

Wordsmith
The notice came up when i opened sky home before I can log into email.
 

Wordsmith

LE
Book Reviewer
#27
The notice came up when i opened sky home before I can log into email.
I'm not familiar with Sky Home. There are ways you can manipulate a browser to put up notices like that if there are security vulnerabilities within the Sky website. However, the same trick (stored cross-site scripting) can steal your user credentials, which would be a much more effective attack.

I'd Google for the pertinent Yahoo page, open it, enter your credentials and see what happens next time you open Sky Home. If the message still came up after you reentered your credentials into Yahoo, I'd be a little concerned.

In that event the immediate action I'd take would be to visit Yahoo again and change my password. I'd also then flag the incident up to Sky as a suspicious one.

(The above is a best guess as to the appropriate course of action).

Wordsmith
 
#28
The notice came up when i opened sky home before I can log into email.
I'm not familiar with Sky, but go directly to the email log-in page that you would normally use to log into your email directly. If Sky have been hacked, they might be asking you to change your password before they tell anyone what happened.

It is good policy to never use the same password on two different sites, especially if that password is used for something important. Never use your bank password for anything else, ever. Never use your email password for anything else, ever.

If someone gets control of your email account they can then contact various services that you use to request a password reset ("I forgot my password", "We'll send a reset link to the email address you gave us when you signed up."). Something that by itself is not a major security risk can be if chained together with other things.
 
#29
I am with BT Internet which is very poor provider, I could use other words but would be banned from here

If I get my user name or password wrong - I have missed typed and put in a typo it tells me that I have has too many attempts to log in and locks me out for 15 minutes, I believe that this is happening because someone or something is trying to log into my account. (Thats my theory)

I have an Experian credit check on a monthly subscription, 2 months ago it texted me to inform me that monitoring on my identity and accounts etc had identified that my email address and password was on a list being circulated by hackers

BT Internet have not said anything about accounts being hacked to the best of my knowledge

Archie
 
#30
I am with BT Internet which is very poor provider, I could use other words but would be banned from here

If I get my user name or password wrong - I have missed typed and put in a typo it tells me that I have has too many attempts to log in and locks me out for 15 minutes, I believe that this is happening because someone or something is trying to log into my account. (Thats my theory)

I have an Experian credit check on a monthly subscription, 2 months ago it texted me to inform me that monitoring on my identity and accounts etc had identified that my email address and password was on a list being circulated by hackers

BT Internet have not said anything about accounts being hacked to the best of my knowledge

Archie
As much of a pain in the arrse as it is, I’d recommend changing your email password to something random that isn’t used for any other site. (If you need to keep a copy of login details use a physical copy and don’t have it saved on your pc incase the worst happens.)


You can also use Have I Been Pwned: Check if your email has been compromised in a data breach to see if your email or any passwords have been hacked/leaked in the past. (Apologies if link is not allowed.)
 
#31
As much of a pain in the arrse as it is, I’d recommend changing your email password to something random that isn’t used for any other site. (If you need to keep a copy of login details use a physical copy and don’t have it saved on your pc incase the worst happens.)


You can also use Have I Been Pwned: Check if your email has been compromised in a data breach to see if your email or any passwords have been hacked/leaked in the past. (Apologies if link is not allowed.)
And yes it tells me that my email account has been breeched

I did change it once I received notification of the breech

My main point is that BT Internet has failed to notify me of the breech

Archie
 

Joshua Slocum

LE
Book Reviewer
#32
And yes it tells me that my email account has been breeched

I did change it once I received notification of the breech

My main point is that BT Internet has failed to notify me of the breech

Archie
most likely because it came from inside BT
outsourcing IT to India is bound to lead to problems
 
#33
(...) If I get my user name or password wrong - I have missed typed and put in a typo it tells me that I have has too many attempts to log in and locks me out for 15 minutes, I believe that this is happening because someone or something is trying to log into my account. (Thats my theory)
This is standard good practice with any password system. Very good systems usually also have a timer which require a minimum time delay between log-in attempts. This is to try to make it more difficult to use a bot to continually try to guess someone's password. However, as you said it can result in getting locked out of your account if hackers are continually hammering on the log-in using automated bots.

The hackers play a numbers game. They may not be able to get into any specific account, but if they make enough guesses about enough accounts using automated bots, they will get into enough to make it worth their while. One of the things which get done with PCs which get taken over by viruses is to turn them into platforms which run software used to break into other systems.

One of the tactics they use is based on passwords not actually being random. Not only do a lot of people use the same password for everything, a lot of people use the same password as a lot of other people. This means that once the hackers get a list of passwords, they try the common passwords in all sorts of different places. Since they do this automatically, they can try thousands of different common passwords with little effort. This is called a "dictionary attack", so called because it's equivalent to just trying all the words in a dictionary to find your password. That is why your password should be long and made up of random characters.

I have an Experian credit check on a monthly subscription, 2 months ago it texted me to inform me that monitoring on my identity and accounts etc had identified that my email address and password was on a list being circulated by hackers

BT Internet have not said anything about accounts being hacked to the best of my knowledge
Quite possibly BT are very slow in admitting they have a problem. Some companies have taken several years to do so.
 
#34
never click any unsubscribe links in suss emails either as this just lets the scammers know that the address is in use and they will go after you even harder and fill you account up with all sorts of crap
 

Similar threads

Top