Modern field guide to security and privacy

Yahoo hack raises fresh fraud concerns

Fraudsters are trying to trick victims of the massive Yahoo data breach into paying for bogus tech support.

Robert Galbraith/Reuters
The Yahoo logo is shown at the company's headquarters in Sunnyvale, Calif. April 16, 2013.

Lawyers behind a class action lawsuit against Yahoo over its recently disclosed data breach say fraudsters are now looking to dupe victims with tech support scams.

In the weeks since Yahoo announced the digital attack, which initially occurred in 2014 and exposed information about 500 million accounts, scammers posing as company officials have attempted to trick users into paying hundreds of dollars for phony security upgrades. 

"As Yahoo put the knife in the backs of its customers by recklessly failing to secure their data, criminals are now twisting those knives by setting up fake Yahoo customer service phone numbers," said Stuart Davidson, an attorney at the law firm Robbins Geller Rudman & Dowd. "All of this would not have happened had Yahoo upheld its promise to protect its customers' data."

Mr. Davidson is part of the legal team representing Ronald Schwartz, who filed a class action suit against Yahoo over the breach. Davidson said he's spoken with at least six people who have been scammed by calling phony tech support hotlines that have surfaced online. Fraudsters are demanding up to $500 to "secure" victims' computers from further harm, he said.

In a letter to users, Yahoo recommended users promptly change passwords and security questions, and adopt a different means of verifying their accounts such as two-factor authentication. But the potential harm for users exposed in the breach could stretch beyond just their Yahoo accounts. 

While the breach did not include financial data, cybersecurity experts worry that victims in the breach could face problems with other digital accounts, too, especially if people reused their Yahoo passwords.

Yahoo said that "state-sponsored" hackers were responsible for stealing the data but did not name any specific country or group.

In an unrelated case, Reuters reported Tuesday that Yahoo built a custom tool last year for the US government to scan users' emails. That news, coupled with revelations of the breach, caused many tech reporters, journalists, and privacy advocates to urge users to delete their Yahoo accounts.

When asked about US intelligence efforts to search Yahoo emails, National Security Agency Director Adm. Michael Rogers on Wednesday refused to confirm or deny the Reuters story.

It's unclear if revelations of Yahoo's alleged willingness to allow the government to search emails without users' consent will compel additional legal action against the company.

"It does certainly dovetail with our allegations," said Davidson, the lawyer in the class action case. "What I find most interesting is that, if the story is true that Yahoo has been giving the government access to user emails, Yahoo cannot blame criminals this time. This one is all on Yahoo."
