I dunno if this is legit or not, but I recently bumped into a note from someone claiming that there’s a secret email address at Yahoo.com that lets you sneak into a backdoor and recover any account password for any account on Yahoo. The address was “[[ omitted ]] @yahoo.com” and it sounds too good to be true. Is it?
Oh yeah, it’s far too good to be true and is actually a smart, sneaky social engineering hack where what they actually are going to obtain is your account and your password, which they’ll promptly change.
Here’s a typical message from one of these phishers:
“I got my Yahoo Id hacked and I am not able to use it anymore. I called up yahoo customer care and they r asking me the answer to my secret question which I dont remember now as it was 5 or 6 years ago. I tried one of the tricks on my account just for fun..”
Seems legit, doesn’t it? I’ve also seen these from Gmail and Hotmail too, by the way, so just about any service with a password and lots of potentially naive, trusting users can be a target for these sneaky tricks.
Here are the steps recommended by the phisher:
- Log in to your own yahoo account. Note: Your account must be at least 30 days old for this to work.
- Once you have logged into your own account, compose an e-mail to:
[[ omitted ]]@yahoo.com
This is a mailing address to the Yahoo Staff. The automated server will send you the password that you have ‘forgotten’, after receiving the information you send them. - In the subject line type exactly: password retrieve.
- On the first line of your mail write the email address of the person you want to hacking.
- On the second line type in the e-mail address you are using.
- On the third line type in the password to YOUR email address (your OWN password). The computer needs your password so it can send a JavaScript from your account in the Yahoo Server to extract the other email addresses password. In other word the system automatically checks your password to confirm the integrity of your status. Remember you are sending your password to a machine not a man. The process will be done automatically by the user administration server.
There are sometimes additional steps requested, but that’s the gist of the message, and as you can see, it really boils down to send us your account name and password which is clearly not a good idea!
Let me be clear in case you’re still unsure what I’m saying here: this is a scam, there are no secret email addresses at any of these services that can recover your password, and you should never, ever email your account password to anyone, even if they assure you that they are a part of the corporation!
Follow up note: Some people have told me that they saw this article, skimmed it, saw the email address shown above, and followed the procedures without actually reading that it’s a scam. Please do not do that!! The reason I show a real address is so if people Google that address they’ll find this article that warns them about the scam, not because I am at all involved in this nefarious social engineering scheme.
So if I follow the steps that you have provided I will get my password back? I need it asap cause its an emergency!! Thanks,
No. Did you actually read the article? The point is that you should NOT trust these sort of email offers. Instead, use the standard Yahoo password recovery process. And good luck!
I need my password please
error : enter cousin name during login time.but i forgot answer please help me
Sir. I don’t remember my yahoo mail password and also secret question. I hope u be able to help me. Please anyone can help also
Hai Dev i am expecting your speed replay pleez….
pls help me out i can’t log in for a ver long time… and it’s affecting my work.
hi
i have forgotten my yahoo secret question and have been on able to sign in my account, cos it request for the secret question which i don’t know again. pls what do i do?
Dear Dave Taylor
2 months back when I was signing-in, it asked security question since then I try it every day but it does not accept my answer to security question.
Plz help me in this regard.
kr_nawaz@yahoo.com