YahooMail, which has now merged with AOL to form OATH, part of Verizon, can allow others, including and most likely, cyber criminals who are out to hack your digital life, to permanently have your yahoo email address; and there is nothing you can do about it. Except get off their service as quickly as possible or don’t start to use them in the first place

Even though Yahoo has now been merged they have kept the terms and conditions, which some on the internet have called a privacy nightmare, largely the same.

The first part is the same as all other FREE email and social media companies, and that is that everything you put, send or receive belongs to you, BUT, you grant them a sublicense to do with your data whatever they please.

The second part is more worrying and that is the fact that, if, for any reason, your account is terminated; including because you didn’t have enough activity on it for a given length of time, which remains unspecified in the terms and conditions, so as they determine it, then they can and will make your username (email address) available for anyone else to register.

If you don’t have enough activity on your account, like those who just use email occasionally or those who just use it for recovery purposes, e.g., you set it as the backup email account if you can’t get in to your Facebook, Twitter, Amazon account, etc.; then you risk having your account terminated and someone else registering it. A cybercriminal, who is sitting watching you and notices that your account has been terminated, can register that account and then reset all your passwords. Then you will lose access to your Twitter or Facebook account and in some cases your PayPal, Bank or Amazon account where your credit card numbers are stored. Now in some countries you may have some protection if this happens but in many you will not and even if you do they typically take around 3 to 6 months to give you any money back, not to mention the hassle of having to change your bank account and credit cards and re-setup your accounts. Avoid all of this and get yourself a proper email account. If you are paying for your email to a reputable company then there is little chance that they are going to use your information to make money (even free services are not free, you pay one way or another) and they are more likely to want to look after you as a client.

Below is the link to the OATH YahooMail Terms and Conditions in full. It has been said that they are the same ones for all their services, and that may be true, although they state there may be other policies, these are the ones that you agree to when you sign up for YahooMail, which is the subject of this article.

https://policies.oath.com/us/en/oath/terms/otos/index.html

And here are the bits we were talking about above:

Look at section 6b – What you give them:

IP Ownership and License Grant. Except as otherwise provided in the specific Oath product terms or guidelines for a Service, when you upload, share with or submit content to the Services you retain ownership of any intellectual property rights that you hold in that content and you grant Oath a worldwide, royalty-free, non-exclusive, perpetual, irrevocable, transferable, sublicensable license to (a) use, host, store, reproduce, modify, prepare derivative works (such as translations, adaptations, summaries or other changes), communicate, publish, publicly perform, publicly display, and distribute this content in any manner, mode of delivery or media now known or developed in the future; and (b) permit other users to access, reproduce, distribute, publicly display, prepare derivative works of, and publicly perform your content via the Services, as may be permitted by the functionality of those Services (e.g., for users to re-blog, re-post or download your content). In some of the Services, there may be specific terms or settings allowing a different scope of use of the content submitted in those Services. You must have the necessary rights to grant us the license described in this Section 6(b) for any content that you upload, share with or submit to the Services.

And Section 7d – What happens when your account is terminated:

Subject to any statutory rights you might have, if your account is terminated, access to your username, password and all related information, files and content associated with your account may be terminated and your username may be recycled for use by others. If the Service is a paid service, please consult Oath’s payment terms which can be found here.

One last important note; if you are reading this thinking well, luckily I use Gmail or Hotmail (LiveMail) or some other free email provider then remember this. They own the server, they own the domain name, and they can charge whatever they like, which may well be nothing at the moment. ALL of the social media and free email companies that we have looked at have similar terms and conditions as far as you Intellectual Property (IP) goes. They can always add the section that says they can reuse your email address if they choose to. They owe you nothing.

Stay Safe

CritchCorp Computers Ltd

[ink-ad-creator ad=”1327″][/ink-ad-creator]

There of course, have been some domain name companies that try to scam people either out of their domain name or just to win the business. Whichever it is I do not agree with underhand tactics to get business. People come to us because we are honest and open and we do an excellent job, not because we conned them in to moving to us.

The one that most people have probably seen the most is a company, that I will not name but they have been conning people for years now and more recently have been trying to clean up their act to appear more professional. They send out postal letter and emails to the registrant (owner of the domain name) and in the beginning they said that if they did not pay this extortionate rate their domain name would be lost forever. Anyone dumb enough to fall for it could have fallen in to many problems, as they were effectively transferring their domain name to another company and their website, emails and everything else could easily have stopped working and been lost. On top of the fact that they have paid a lot more for the domain name renewal than was necessary.

Always know who you have registered your domain name with and check with them first before renewing anything with a third party. This particular company have been forced by trading standards, I believe, to clean up their act. They still send out ridiculous emails and letters to try to steal customers from other companies, in my opinion, by deception. Their latest one stating that if you do not take their offer of SEO and domain name then no-one will be able to find your website. I will not go in to the technically details of this but to anyone with any technical ability they know this is not true, but it must be fooling some unwitting domain name holders or they would stop.

Another long running scam is the Asia domain name company that tells you that someone is trying to register a domain name that is similar to yours and they are going to give you first refusal of the domain name. A scam as well that has forced thousands of people to buy domain names that they do not need or want.

The latest email to go to domain name owners is one that is intended to scare you though showing you a whole lot of technical information about your domain name. All of it is probably true but means nothing in the context. From what I can see their whole point of sending you a large font email telling you that your whois information has been updated (which is a lie) is to get you to purchase other domains from them. I have not been any further and I have only just seen this one going round so I am sure that we will see what devastation it causes in the coming weeks and months.

If you own a domain name make sure you know the basic information of who it is registered with and when it is due for renewal. Even if you have technical people to look after things like that for you, make sure you have basic information (read: http://www.cc-computers.biz/Blog/?p=228 to make sure you don’t lose your domain name)

Be vigilant with emails and letters that come in the post telling you that you need to do something, check with the right people first.

Support Team

CritchCorp Computers Ltd.

Prices correct at date of publish.

With immediate effect all outbound email (which is already authenticated), will also be subject to blacklist checking. If you have a virus on your network that is sending out spam it is likely that you will now not be able to send email yourself. We need to implement this because of the problems caused by being blacklisted for the majority of clients who are not infected. So, to protect everyone else we need to stop email from those who are infected from sending email (most probably spam) and causing disruption and problems for everyone else.

There is now also a limit of 50 emails per hour from the same IP address.

If you do find that you are unable to send email, and nothing has changed on our network, then after you have been through the usual checks (restarting the computer, restarting router, etc) then it is possible you have been blacklisted. You will need to start by trying to fin the virus by scanning all computers (Macs, PCs, Linux, Etc.)

If you need help with any of this then please get in contact with us.

We also have a paid outbound SMTP service. This service rarely gets blocked by spam filters due to it nature. Accounts start at £50/year. Please contact us if you need more information.

CritchCorp Support Team

Before I clicked it I took a moment to calm down and think logically. I have a suitably strong password on my account so it is unlikely someone would have been able to guess it. You can’t make a payment unless you have the password. Is it possible someone could have got it from my PC with a keystroke logger and then used it; possible but not likley. I then took a moment to read the email more carefully and noted a couple of things that I should have picked up on straight away.

Firstly the email was addressed to me, but not in the normal way. Secondly it came to an address that was not the one I used for PayPal. These two facts alone were proof enough that this was a phishing email. I check out the links that I was about to click and sure enough they were not to the PayPal website but something that was meant to look like the PayPal website as it had www.paypal.com in the address but was not their site. (I will write another posting about what to look out for in the URL to make sure you are going to the right place).

What struck me about this one was the fact that it was very well written, not like most of them that give themselves away instantly with the bad grammar or spelling mistakes.

What you need to learn form this is to be extra vigilant when it comes to any message in email. NEVER EVER click the link in an email, go to the website by typing in the address yourself. Read the content of the email over again before jumping to conclusion. PayPal in particular use the correct greeting in their email which makes it harder (although not impossible) for people to pretend to be PayPal. The same goes for some banks and other financial institutions.

Phishing emails have been around for a long time and are clearly very successful so be extra vigilant on emails that you expect and ones you are not!

Be on the look out for the latest batch of PayPal phishing emails as they have clearly copied the contents of real PayPal emails and just changed a few details.

I have had several more since the first one of these.

CritchCorp Support Team.

Beware the email virus. Someone you know sends you a link or attachment, or it comes form someone you consider reputable. When you open or click the link, it doesn’t always show you anything, sometimes you open the attachment and it just says there was an error accessing the file and sometimes there is nothing, just a blank page, or there is a document that just doesn’t make any sense or appears to not be for you. In all these cases the virus may well have been delivered silently in the background and you are now infected with one of thousands of different virus’. Many more of them will come in through web sites that do not know they are infected yet. (Some statistics suggest that 1000 website get infected every day!) In all cases the goal tends to be the same: Take control of your computer to extort money from you or someone else.

There are many different types of virus and they will all have a different part to play in the overall scheme. A few of the worst and their general purpose are noted here.

Trojan Horses (Trojans) – they will get in to your system and not necessarily do any damage except for disabling antivirus software, hiding itself and opening your computer up for other nasty things to come in. Often selling space on your computer to other virus manufactures (or programmers). They are often included with a root-kit. (See below).

Root-kits – These are a particularly cleaver type of virus. They hide themselves from Windows and everything else. The will usually get in to your system and load before Windows loads. They will then be sitting there behind Windows so that, for instance, if you view all the files in a folder you will not see the virus files there. This is because when Windows is enumerating (making the list) of files in the folder the Root-kit is watching and when Windows reaches one of its files the Root-kit will block Windows from seeing it. The Root-kit can also do this with system services so that when you look in Task Manager it’s services do not appear there either, making it very difficult to detect. This will be the same if your antivirus software is looking for it, because it has a position in the root it can hide itself from anything. The only way to detect their presence is in the very small added delay between file names when enumerating a folder (or directory). By looking at the time between each item to be enumerated any added delay of millionths of a second can be detected and then you can presume the existence. To actually find them and remove them requires very special techniques.

Self hiding/restoring viruses – These types of virus are often confused and also labeled by antivirus companies as root-kits but they tend to lack the hiding effects in the same way and use other methods to hid themselves. They will, as many do, also replace themselves when discovered. Firstly, they will often tell Windows that their files are part of the system and should be protected by the system. This has the effect of hiding them from normal users and can get Windows to replace any files that are removed. They sometimes also mark themselves as needed for Safe Mode, the special start-up mode to help remove virus’ and fix other issues with Windows. When Windows starts up in this mode it only start those programs which are essential to the system starting up. There is usually more than one part to this type of virus as well. It is the job of each to look after the other parts, so when you find one of them and remove it one of the other parts will put it back again, sometimes with a different name!

Bot-Nets. These are little viruses that are controlled by someone else and use your system resources like your computer processor, memory, Internet connection. They tend to be quiet, just sitting there not doing much until they are told to attack. Most commonly they are used to take down Internet sites for some kind of monetary gain. They can be hired to take down a competitors site at a critical time or by the organised crime syndicates to extort money out of companies in the old fashioned “protection racket”.

For Example, someone says to a betting site, “wouldn’t it be a shame if your website was not available for the big match coming up? If you pay a fee of £50,000 we can make sure you will be online at that time, otherwise we can not guarantee it!” If the site doesn’t pay first time round they will next time because at the time of the big game your computer and tens of thousands of others received instructions to attempt to connect to the betting site servers at the same time and to continue trying until the stop time, typically after the match/race has finished. With all this additional traffic going to the site and not doing anything the legitimate traffic cannot get through so the site then appears “offline” with a “404 page cannot be displayed” error or an error saying that the site cannot be reached. The site will not want the bad publicity; allowing people to find out that they have been compromised is very bad for business, so they end up paying. Your computer was used to help criminals extort money from someone else!

Another type of virus, actually mal-ware or increasingly know in the industry as ransom-ware, that comes in, often through a PDF or Adobe Flash exploit, is the current and very common one that will hold you to ransom. There are several different variants to this one depending on who is controlling it but they all do essentially the same thing and that is try to take your money off you with a type of protection racket or threat of some bad thing happening.

You will first notice a pop-up box that says you have hundreds or even thousands of viruses on your system (in some cases it is a corrupt hard drive/memory, porn or some other thing is very wrong with your computer) it will state that you need something in order to fix this. You are usually presented with a dialog box to confirm you want it or not. which ever button you press the answer is yes, go ahead and install the virus. The only way to get round this is to cancel the box (best done by using Task Manager to kill the program and everything to do with it). Another common one is a page that says that the FBI are stopping you from using your computer due to inappropriate content on your computer. You are then instructed to pay a fine or risk jail if it goes to court. Once you have install the virus you will be held to ransom, not able to use your computer at all in some cases, until you pay or remove the virus.

Worms. These are more commonly used as a method of transport. They are used to get their payload to your computer in any number of ways. They self replicate, usually to many different forms of media and methods. IE Across the Internet directly to your computer, through floppy disks, USB pen drives, external drives, emails, through the network to other computers on your local network. Once in they will begin to look for the next computer to infect, some also phone home to pickup instructions, such as what payload to deliver to the computers at the moment.

Viruses are a very very big money these days, both for the virus manufacturers and the antivirus manufacturers and on all forms of operating systems.  Although Windows is still the majority platform, Apple Macs are gaining market share and so now present a nice target with people who are not so use to viruses so are more susceptible to being infected. So which ever platform you are on, be careful, even phones, which are small computers, can be infected with things that cost you money!

Beware the antivirus that is a virus! Know which antivirus you use on your system and what it looks like to help reduce the chance of getting stung by a fake one, which will then hold you to ransom as above.

When surfing the Internet remember this: If you didn’t ask for it, don’t install it! many viruses will come packaged as something nice and appealing but, if you were not looking for that exact thing then do not be tempted to install it!

A good computer maintenance regime is to not install something unless you absolutely need it. If you think you need it, make sure you check it our fully before installing it, and make sure you download it from a known good source. Where possible go to the manufacturer’s website to get it, not from someone else offering it, unless directed there by the manufacture. If it turns out that you do not need or want it, then remove it. Although removing something is not as good as not installing it in the first place, it is better than leaving it there.

Watch out for viruses, they will come and get you any way they can. It is up to you to be careful, not your antivirus, after all you can override your antivirus if the virus is cleaver enough to trick you in to believing it is good for you.

Chris.