If you’re anything like me, you’re getting a bit of spam from “friends” and “family” today that looks like this:
After the fourth or fifth message today, I realized there was a pattern: all of the “from” names in this spam belonged to people I know use Yahoo Mail as their main email account. Looking at the “from” address in the messages reveals what appear to be randomly selected or generated email addresses that aren’t @yahoo.com and aren’t related at all to the name.
As such, I suspect what we’re seeing here is not attackers compromising Yahoo email accounts and using them to send spam, but a follow-on effect of the Yahoo data breaches of 2013 and 2014, where the contact lists of friends and family who had me in their contacts were vacuumed out and now circulate around the Internet, associated with the original Yahoo user’s name.
As a result, spammers can send me an email that looks to me, at first blush, like it comes from my friend “Stan Zarvox,” but, in fact, has nothing to do with him. There’s a link in the mail and if I click on it, curious to know what Stan has sent me, I end up at some spammer site that may then induce me to do something that would compromise me.
Unfortunately, there’s little the poor compromised Yahoo users can do about this: things have left Yahoo’s hands now, and the email is not coming from Yahoo, nor in any way under their control.
So there’s little point in sending friends and family an “I think your account’s been hacked” warning; they probably already know 5 times over.
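The pattern described above (a familiar display name paired with an address that has nothing to do with that person) can be checked mechanically on the receiving side. The following is an added example, not part of the original post: the address book, the addresses, the sample messages and the function names are all constructed for illustration.

```python
from email import message_from_string, policy

# Constructed address book: display name -> addresses actually known for that contact.
# "Stan Zarvox" is the name used in the post; the addresses are made up.
CONTACTS = {"stan zarvox": {"stan.zarvox@yahoo.com"}}

def normalize(name):
    """Case-fold and collapse whitespace so 'Stan  ZARVOX' matches 'stan zarvox'."""
    return " ".join(name.casefold().split())

def check_from(raw_message, contacts=CONTACTS):
    """Classify a message by comparing its From display name with its address."""
    msg = message_from_string(raw_message, policy=policy.default)
    header = msg["From"]
    if header is None or not header.addresses:
        return "no-from"
    sender = header.addresses[0]          # policy.default decodes RFC 2047 names
    known = contacts.get(normalize(sender.display_name))
    if known is None:
        return "unknown-name"             # name is not in the address book
    if sender.addr_spec.lower() in known:
        return "match"
    return "name-address-mismatch"        # familiar name, unfamiliar address

# Constructed sample messages (not taken from real mail).
SAMPLES = [
    'From: "Stan Zarvox" <stan.zarvox@yahoo.com>\nSubject: lunch?\n\nSee you at noon.\n',
    'From: "Stan Zarvox" <qx7r2k@mailer.example.net>\nSubject: hi\n\nhttp://example.net/x\n',
    'From: =?utf-8?q?Stan_Zarvox?= <info@shop.example.org>\nSubject: fw\n\nlook\n',
    'From: Newsletter <news@example.com>\nSubject: weekly\n\n...\n',
]

if __name__ == "__main__":
    for raw in SAMPLES:
        print(check_from(raw), "|", raw.splitlines()[0])
```

A "match" only means the header is self-consistent with the address book; the From header itself is not authenticated, so this check complements SPF, DKIM and DMARC results rather than replacing them.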