QI think someone has stolen my Yahoo e-mail contact list and is sending out e-mails that appear to be from me. I received an e-mail from "mailer-daemon@yahoo.com" that refers to an e-mail I supposedly sent to three people in my Yahoo contact list. But I never sent that e-mail, or others that have come back to my Yahoo address. How did this happen, and what should I do?
TRISH DAVEGA, CAMBRIA, CALIF.
AIt's probably not just your contact list that's been stolen. Your Yahoo e-mail account has most likely been taken over by someone who's sending e-mails to your contacts.
The typical purpose of that is to perpetrate a scam by sending spam (junk e-mail) or phishing attempts (which try to trick people into disclosing valuable personal information).
When an e-mail from your account couldn't be delivered to one of three intended recipients, you got an automated warning from a widely used e-mail-monitoring program called the "mailer-daemon" (pronounced "demon" and meaning "guardian spirit" in Greek mythology).
The undelivered e-mail might have bounced back to your account because the recipient's address was wrong or no longer exists. Alternatively, the recipient's e-mail server may be temporarily blocking Yahoo e-mail because of an outpouring of malicious e-mail from compromised accounts like yours. (In Yahoo's defense, any e-mail provider can have hackers briefly take over accounts.)
How does someone take over your e-mail address? One way is by guessing your password, which isn't hard if you've used something personal, such as a street address, or a real word that's in the dictionary (hackers can run what's called a "dictionary attack" that tries out real words as passwords).
Or you could have innocently given your e-mail information to someone running a phishing attack. It's also possible that you have a malicious program called a key-logger on your computer that can record keystrokes to learn an e-mail user name or password.
