InBoxRevenge KS Forum

Hello.

Thanks to our good friend Brian Krebs, I was put in contact with a senior abuse representative at Yahoo Mail.

I exchanged several initially terse emails with him regarding the perceived very weak, ineffective action Yahoo takes against the myriad Nigerian scammers who abuse their services. (i.e.: virtually none, and way too slow to have any effect.)

Tomorrow I have a call with him and a few other major abuse contacts at Yahoo to discuss a planned "serious action" against these scammers.

My plan is to outline that initially I, but then swiftly thereafter several of you, will send detailed scam reports to a dedicated contact in such a way that it makes it clear that the reported address is involved in scam activity, and in theory Yahoo will shut the account down immediately.

Per day I've been reporting no fewer than 110 Yahoo Mail accounts using their basic, ineffective, undetailed abuse reporting form (http://help.yahoo.com/l/us/yahoo/mail/ymail/spam.html) and while it eventually (sometimes) results in shutdowns, it's so slow that it's virtually ineffective. This should hopefully change that.

I wanted to arrive at tomorrow's meeting prepared to have a solid estimate of how many of us might participate in this action. Who is with me?

This could be a potential game-changer if they take it on, and if they continue the "serious action" beyond - say - a week or a month, Yahoo might eventually become so unpopular with Nigerian scammers that we see them turn back to strictly Gmail, at which point I hope to try the same thing with them. (Speaking of which: does anyone have a decent abuse contact at Gmail?)

Post back here or PM me.

SiL

As you've seen by my posts over the years, I've given up on Yahoo. I'll see how this idea goes and then I'll decide if Yahoo has turned the corner on abuse.

Good luck!

My experience with Yahoo has been totally different. Maybe they found me too damned annoying to ignore.

I never gave up on Yahoo, and up til 2 months ago I was reporting and confirming dozens of takedowns per day.
Now I am finding no time left, with Evil Eva taking up all my spare time.

So I welcome others taking ove the challenge. But it is not difficult, and once you get them accepting your requests, they act very fast - under 24 hours was my average.

I got a quick response today. Too bad it was the only/few responses in the last couple of days/weeks

Recently you requested personal assistance from our on-line support center. Below is a summary of your request and our response.
Subject
419 spam from [email protected]
Discussion Thread
Response Via Email (Casey) 08/15/2013 03:25 PM
Hello Jim,
We have taken appropriate action against the Yahoo! Account in question, as per our Terms of Service (TOS).
Note: Yahoo! is unable to disclose any actions taken on another user's account. We are not able to make exceptions to this rule.
Thanks,
Casey
Yahoo! Customer Care
hXXp://www.yahoo.com
New from Yahoo!
Don't just check the weather, see it. Introducing the Yahoo! Weather app. The forecast is beautiful. Download for iPhone. Download for Android.
Auto-Response 08/14/2013 07:25 PM

I guess my point is that the scammers are well aware that you need a response time of minutes. Preferably less than 5. Hotmail was up there for a while but they aren't. My opinion is: Yahoo is preferred, and it's obvious why: they take too long. It will never impact these scammers. This is why I'm specifically targeting them. Status quo cannot maintain.

SiL

110 a day? Wow!

I can contribute, but it won't be consistent due to time constraints. If I can just forward them to a dedicated email address from Mailwasher (which includes all the headers; it's designed to work with Spamcop), that would work best.

I find that on reporting spam to Yahoo there is now a CAPTCHA which they define as


Last time I was reporting to Yahoo there was no such requiremant so long as you were looged on. Are you seeing that too?
I am using a similarly inadequate reporting page at
http://help.yahoo.com/l/au/yahoo7/abuse/general.html

I get the Capcha also My Yahoo sign on is a paid account

Also got Capcha with help.yahoo.com/l/us/yahoo/mail/ymail/spam.html

The form is rinky. It doesn't allow for any detailed information to be included. It sometimes doesn't give the captcha, but more often does.

It's yet another form that is so poorly executed that it effectively stops people from reporting anything to Yahoo.

And of course: you get absolutely no response whatsoever from Yahoo.

This is why I hate this form, but it's the one that their main abuse team member recommended to use.

SiL

I gave up using the online forms.

I use complainterator and submit by email. I get about the same responses but they do show the domains reported.

I have several yahoo addresses but can't tell the good ones from the bad so I use them all.

Complainterator? That reports to registrars based on a URL.
Did you mean 419AR or 419FILE?
What is the email address that you send reports to?

Up until last May I was reporting an average of 20 per day, getting responses on about half of them.
Today I tried testing out Yahoo again after 3 months respite. I reported these 11:

[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]

I received 6 auto-responses over the next 30 minutes in the format


Notice how there is no way to know which report generated which Incident ID. Tracking is thus rendered futile.

One of the submissions had an immediate reply from Yahoo!7 Customer Care (Mickey) indicating that submissions need to include full headers etc. That would be a glitch either at their end or at mine. Because they are entered into a web page I do not have an audit trail to check and resend. Nor do I know which submission was rejected anyway. But that leaves 10 more.

There were 5 other auto-responses like those quoted above, each with a unique incident ID but no way of telling which report it applied to.

Over the ensuing 9 hours there were replies, from email ID Yahoo! Customer Care. They were in one of two forms. Two of the 11 reports were for Yahoo! IDs in France, and two of the responses were in French.

ENGLISH


FRENCH


So 11 were submitted, 6 were acknowleged, 1 was rejected, 5 may or may not have been acted upon, with a reponse time between 1 and 10 hours.
I can not tell which 5 of the 11 were totally ignored, except that I can deduce that the 2 reports for the French email IDs were addressed.

Problem reports were submitted using an automation tool on the slightly more detailed abuse reporting web page at
http://help.yahoo.com/l/au/yahoo7/abuse/general.html
Although it has "AU" in the URL, it is able to be used from other geographies, including mine.

Note the annoying CAPTCHA that makes automated reporting of dozens of frauds per day exceptionally tedious.

We had the call. For now it's going to be just me reporting from some expected addresses, and from there, if we see really fast shutdowns, more of us join the fray.

He was really engaged, and I am intrigued to see if this is the first real action that we get to take against these morons.

My hope is that his team - which is specifically e-crime-related, not overall broad abuse - will get used to seeing the same kinds of message types being reported, and the accounts get shut down really fast. New scam types: possibly a different story. If that happens: we could then try the same approach with Gmail and AOL.

More as I get it. Very interested to see how this pans out.

SiL

* Stats:
My log of recent (up to May) 419 fraud reporting shows 3,000 reports, of which 1,100 are Yahoo and 600 are gmail Microsoft is harder to calculate, since there are so many variants.
But you can see that more than half are abusing those two service providers, Yahoo and Google. .

* Automated reporting:
My reporting system was previously practically totally automated, sending off up to 50 reports from my Gmail Spam box to all ESPs. It uses email except for Yahoo and Gmail and GMX where it auto-fills the page and sends. 50 scam emails per run is based on my maxlist per page under Gmail.

I have 3 419-fraud gmail accounts, which seeded their addresses into known mugu traps. So over 95% are frauds.

Now, with Yahoo's CAPTCHA, I may have to revert to email to Yahoo, if I want to do this style of automated reporting.

The autoreporter decides which fraud brand it is, based on key-word extraction from the body text. Then the request names the brand and the keywords. Here are 6 examples

k.john942@laposte.net X-Recovery-fraud-Keywords: [list of key words specific to Recovery fraud]

nasikogroupofcompany@aol.fr X-Friendship-Scam-Keywords: [list of key words specific to Friendship fraud]

infonatwestbk1@ymail.com X-Lottery-Fraud-Keywords: [list of key words specific to Lottery fraud]

creditpage78@gmail.com X-Loans-Scam-Keywords: [list of key words specific to Loans fraud]

ty66252404@cantv.net X-Purchasing-Fraud-Keywords: [list of key words specific to Purchasing fraud]

wfrank@yahoo.com X-Advance-Fee-Fraud-Keywords: [list of key words specific to Advnce Fee fraud]

I mention this, as it is the same method that they could use to set a confidence level in classifying the various fraud emails that we report.

It is still time-consuming, and a more direct method of simply forwarding the total email via a web-site upload for them to handle with a large enough team of dedicated handlers would be more efficient.
If they created some similarly automated approach as we use to analyse and suspend the majority of scams it wouls speed things up. They need to have enough pepople working on it, with good automation tools, so that they can meet a target turn-around deadline. It's not difficult to calculate how many staff would be needed, once the target is set. That's how help-desk operations are set up. And of course, be multi-national, they could spread the exercise around the world to make it 24-hour fast response within one or two shifts.

* Better approaches

Obviously, it would be better for them to not rely on our reporting. If we can set up honey-pots, so can they.

Even more obviously, placing scam detection at the point of egress would make a lot better sense, stopping it from getting out and suspending offenders at the source. But that's another battle.

Feel free to share this with your contacts at Yahoo.

Reply within 8 hours (submitted by email) Below is all from response

Subject 419 spam from [email protected]
Discussion Thread
Response Via Email (Casey) 08/20/2013 04:29 PM
Hello Jim,
We have taken appropriate action against the Yahoo! Account in question, as per our Terms of Service (TOS).