Tag Archives: email

Apple customers targeted by fake iTunes email scam

A phishing scam asking users to click refund links in a legitimate-appearing email purporting to be from Apple is doing the rounds

Apple customers are being targeted by a phishing iTunes invoice scam designed to trick them into clicking a link to claim a refund for a purchase they did not make.

An email purporting to be sent from Apple is currently in circulation, appearing to bill the recipient for £34.99. The invoice contains the line: ‘If you did not authorize this purchase, please: Click here for Refund’ [sic] in an effort to trick users into entering their Apple ID into a fake login page, according to internet security blog Malwarebytes.

After entering their Apple ID and password, victims are then prompted to enter credit or debit card information, including their card number, address and full name.

The scam emerges in the wake of the news that TalkTalk’s website was subjected to a “significant and sustained” DDoS attack which may have compromised millions of users’ personal information, including names, email addresses, financial information and telephone numbers.

The attack, which took place on Wednesday October 21, is the third time TalkTalk has been targed this year alone. In August, its mobile sales site was targeted and personal data breached and in February, hackers were able to steal account numbers and names of TalkTalk customers.

The Metropolitan Police Cyber Crime unit said it was currently investigating the attack.

Earlier this week, it was reported that fraudsters were imitating Apple’s remote help site in an effort to gain access to victim’s computers.

Scammers typically try to trick users into landing on such falsified support sites by targeting them with false warnings and pop ups warning of something wrong with their computer.

When legitimate sites ask for sensitive information such as financial or personal details, a padlock icon is displayed in front of the url to indicate the presence of a Secure Sockets Layer (SSL) certificate.

Fraudulent sites impersonating Apple’s iTunes pages and banks including Natwest and Halifax have been wrongly issued with the authentication certificates recently, which can instill users with false confidence when inputting their details.

Tagged , , , , ,

Yahoo wants to kill passwords with revamped Mail app

The Internet giant is trying to get more people to use its email service. In the process it also wants to rid the world of passwords.

Yahoo thinks it can make your password a thing of the past.

It’s part of a larger effort to revamp the Internet giant’s email service into something so compelling and easy to use that it stands out among other email services like Google’s Gmail and Microsoft’s Outlook. In Silicon Valley at least, Gmail is considered cool, and most others are passe. Yahoo hopes new features it announced Thursday will help change that.

One of the features enables people to log in to their email accounts without a password. You go to mail.yahoo.com, enter your user name and press “continue.” That’s where everything changes. Instead of entering an annoyingly complex or easy-to-crack password, the company sends an alert to your smartphone and asks if you’d like to sign in. Hit “yes,” and presto.

“We’re going to kill passwords altogether,” Dylan Casey, Yahoo’s vice president of product management, said at a press event in San Francisco on Wednesday.

If Yahoo’s tech catches on, it means consumers could eventually live in a world without having to remember passwords. That’s a big deal because most security experts agree passwords in general are unsafe. What’s more, it doesn’t even matter if you are logging into a secure website.

High-profile hacks at places including Sony Pictures, the Internal Revenue Service and extramarital-dating website Ashley Madison have brought a lot of attention to people’s digital vulnerability. One of the problems is too many people use an easy-to-guess password or the same one for multiple sites. The result is that if a hacker breaks into one site, it could mean trouble for the rest of your online life.

A ‘far superior’ way

This isn’t Yahoo’s first push to end passwords. The company in March released a feature called On-Demand passwords, which lets people sign into their Yahoo accounts with temporary passwords the company texts to users’ phones. It’s Yahoo’s take on a common process for logging into websites called two-factor authentication, where you first enter your own password, then enter a second password the company sends to your phone. Many popular services, including Gmail, do this. Think of Yahoo’s process as two-factor authentication, minus the first factor.

But only 3 percent or 4 percent of Yahoo’s 225 million monthly active users implemented On-Demand passwords, Casey said. Yahoo’s new tool, called Account Key, is “far superior,” to On-Demand passwords, said Jeff Bonforte, senior vice president of communication products. He said Yahoo will eventually shut down On-Demand passwords and move people to the new feature.


To use the tool, you log in to your email with your regular password, turn on Account Key, and register your phone. The catch, of course, is you must own a smartphone and be willing to give your phone number to Yahoo. Bonforte said more than 90 percent of Yahoo Mail users in the US have smartphones, and the majority of users access their mail through their phones.

If people lose their phones or their battery dies, they can still log in using traditional passwords or through email. The tool is available for Yahoo Mail and Sports but will expand to the company’s other services later, a company spokesman said.

A wider reach

For Yahoo, attracting more people to its email service is critical as CEO Marissa Mayer tries to turn the company around. Since she took the helm of the once-proud Internet pioneer three years ago, she’s tried to pull the company into the era of smartphones and tablets. She’s revamped each of the company’s mobile properties, from Yahoo Weather to Finance, but she still faces flagging revenue and increasing impatience from investors.

“Basically, what they need is a killer product. They need something,” said Sameet Sinha, an analyst with the investment bank B. Riley and Co. “Google has search. What does Yahoo have?”

Yahoo hopes the new version of Mail can fill that void. The company also announced other new features for the service, including allowing people to import outside email accounts such as Outlook.com, AOL and Hotmail. Gmail is not included, though the company is “working on it,” Bonforte said. You can also look at attachments side by side with messages, among other things.

The company said it made its email search tool more powerful so you can more easily see older emails while on the service’s mobile app. The iPhone version of the app will be compatible with 3D Touch, a new software feature Apple designed for the new iPhone 6S that lets people navigate through apps differently.

The changes are an attempt to improve a crucial part of Yahoo’s business, Bonforte said. “Yahoo Mail has always been the center of what Yahoo is,” he said. “The success of the product is very important to the success of the company.”

Tagged , , , , , , ,

Pentagon Email System Is Back Online After Cyberattack

The Joint Chiefs of Staff’s unclassified email system is back online, defense officials tell NBC News, more than two weeks after it was the target of a cyberattack believed to have been carried out by Russian hackers.

Pentagon officials told NBC News the Joint Chiefs email system was restored Sunday, following an intensive “scrub” meant to eliminate any potential malware that may have been implanted. Additional security measures were also installed, the officials said. The system was originally scheduled to be back online Friday.

The “highly sophisticated” cyberattack is believed to have occurred sometime around July 25 and affected about 4,000 military and civilian personnel who work for the Joint Chiefs, officials had told NBC News last week. The officials insist no classified information was compromised or stolen during the attack on the unclassified email system.

Officials said it appears the intrusion was the result of what’s known as “spear phishing” — emails that look legitimate but are loaded with links that download malicious software. At least one Pentagon or military user violated protocols and security requirements by clicking into an unknown email source, the officials said.

Despite their firm belief that “Russians” carried out the attack, defense officials still cannot confirm whether the cyberattack was sanctioned by the Russian government or carried out by independent hackers.

Tagged , , , , , ,

Yahoo unveils total email redesign inspired by Flickr and Tumblr

But will it be enough to win back Gmail users?

yahoo mail

Yahoo’s march to modernize its core products continues with a significant redesign ofYahoo Mail that brings Flickr-generated themes, a new compose screen, and a host of other features designed to win back defectors. The company is also putting a cap on its previously unlimited storage: 1 terabyte, which the company says should be good for 6,000 years of email. The redesign is rolling out today simultaneously on the web, and for apps on Android, iOS, and Windows 8.

Mail is a pillar of Yahoo’s products, with more than 100 million daily users. And yet like many of Yahoo’s products, it was overtaken in recent years by Google’s equivalent offering — Gmail now has more than 425 million monthly users. It became the biggest email service in the world by offering tons of free storage, smartly threaded conversations, and a service that often felt faster than its peers.


With today’s update, which comes on Yahoo Mail’s 16th birthday, Yahoo aims to leapfrog Gmail on each of those counts — even as it transforms to look more like Gmail than ever. Yahoo has put significant focus on mail this year, introducing new tablet apps and releasing unused email addresses back into the wild. (That last move led to criticism oversecurity concerns.) The goal is to get Mail growing again. If Yahoo owns your inbox, it can steer you to many other Yahoo products. But will a younger generation of users give it a chance?


In August, Yahoo put former Xobni CEO Jeff Bonforte in charge of its communications products, which also include Messenger, Groups, Contacts, and Calendar. Xobni, which Yahoo acquired in July, built plugins designed to make the inbox more useful; the new Yahoo Mail shares that objective. “Our average user already has thousands of messages,” Bonforte said in an interview with The Verge. “This is the beginning of helping them see the inbox can be more, not less. It’s part file system, part digital memory, part note-taking environment, part collaboration suite. It’s all those things, but how can we create a more collaborative environment?”

The answer was to introduce a number of smaller changes that added up to a real step forward. The first thing most users will notice about the app is the new look, which takes cues from this year’s popular Yahoo Weather app. Yahoo Mail includes more than two dozen themes with images taken from Flickr — and uses algorithms to pick colors out from those images, changing the hues of buttons and text labels throughout the experience. The imagery has been upgraded for high-resolution screens, and uses more lightweight fonts throughout the inbox. And the themes sync across clients, so when you open Yahoo Mail on your tablet it will have the same basic look as the web version.

More interesting are the changes that Yahoo has made around sending and organizing mail: threaded conversations can now be expanded inside the inbox, letting you quickly navigate to a recent message from the conversation. Clicking a magnifying glass next to a sender’s name will take you to every message you have received from that person. And a new compose screen on the web brings up a rectangular white card that hovers over the inbox, similar to the dead-simple interface for composing a new post on Yahoo-owned Tumblr. Bonforte calls it “the best compose screen on the market,” and time may prove him right.

Yahoo is also now giving away for free premium features that were once part of Mail Plus, which cost $19.99 a year. Free users can now create disposable addresses to hand out to marketers, automatically forward Yahoo Mail to another account, and get offline access to their messages with POP. The only thing they don’t get from Mail Plus is an inbox free of advertisements; to go ad-free, you can pay Yahoo $50 a year. (Existing Mail Plus users can keep their current plans, though it’s not clear why they would want to.)


Switching email accounts can be painful, and it’s not clear that any single feature that Yahoo is releasing today would prompt a user of another service to abandon ship. At the same time, the update arrives as many are still grumbling about Gmail’s recently redesigned compose window. And the 100 million people who use Yahoo Mail daily are likely to find something they like in the new features, even though just about all of them can be turned off if they fail to impress.

The shift to mobile devices has led software designers to rethink the way we search, send, and organize our messages. Yahoo’s latest take on email freshens up the web version while making it feel of a piece with the phone and tablet versions of Mail that the company released earlier this year. And while it may not recapture Gmail users by the millions, it could reignite a healthy competition between Google and Yahoo to see who can better tame our inboxes.


Tagged , , , , ,