Solved

yahoo email login from unregonised device

Posted on 2016-09-27
15
52 Views
Last Modified: 2016-10-03
hi,

I keep receiving email on saying my yahoo email has been login using unrecognised device, anyway to check the hostname of that device?
0
Comment
Question by:marrowyung
  • 7
  • 4
  • 3
  • +1
15 Comments
 
LVL 23

Expert Comment

by:Dr. Klahn
ID: 41817422
Yahoo email, so far as I know, does not check or care what kind of device is logging in.  If there is a link in those emails, check it and I suspect you'll find that you're being phished.
0
 
LVL 1

Author Comment

by:marrowyung
ID: 41817597
" If there is a link in those emails,"

what links ?
0
 
LVL 61

Expert Comment

by:btan
ID: 41818105
From yahoo - "You'll also get a security notification for any unusual account activity - for instance; if you or someone else tries to sign in to the account from a new location, computer, mobile device, or ISP." https://help.yahoo.com/kb/SLN7125.html

You cannot check the hostname device that is attempting to login - other webmail may have but not yahoo that I know of have reveal this - at most identify the country, access type (browser etc) and IP. You can try to See your account's "Recent activity" https://help.yahoo.com/kb/account/recent-activity-page-sln2073.html
0
 
LVL 47

Expert Comment

by:dbrunton
ID: 41818771
>>  I keep receiving email on saying my yahoo email has been login using unrecognised device, anyway to check the hostname of that device?

Change your password and any other security questions you may have for that Yahoo account.

Possibly the account was one of those that was hacked back in 2014 and is now being exploited by some hacker.  https://www.theguardian.com/technology/2016/sep/23/yahoo-questinos-hack-researchers  Yahoo has only just revealed these details.
1
 
LVL 1

Author Comment

by:marrowyung
ID: 41819246
btan,

" "You'll also get a security notification for any unusual account activity - for instance; if you or someone else tries to sign in to the account from a new location, computer, mobile device, or ISP." https://help.yahoo.com/kb/SLN7125.html"

I don't receive any, an email just said sign in from an unknown device, any idea on how can I know what IP address it is ?

dbrunton,

"Change your password and any other security questions you may have for that Yahoo account."

I knew, already get it done.

dbrunton,

"Possibly the account was one of those that was hacked back in 2014 and is now being exploited by some hacker.  https://www.theguardian.com/technology/2016/sep/23/yahoo-questinos-hack-researchers  Yahoo has only just revealed these details."

can't see the device name anyway ?
0
 
LVL 47

Expert Comment

by:dbrunton
ID: 41819304
If the mail is still at Yahoo (check your Trash) follow the instructions here https://help.yahoo.com/kb/SLN22026.html to see the emails header.   You can then determine where it is really from.

Here's a sample from Experts Exchange to me.  Look at the Received-SPF, X-Originating and the Received and the From field to help identify where it comes from.

Received-SPF: pass (domain of experts-exchange.com designates 54.173.171.194 as permitted sender)

X-Originating-IP: [54.173.171.194]
Authentication-Results: mta1018.tnz.mail.aue.yahoo.com  from=experts-exchange.com; domainkeys=neutral (no sig);  from=experts-exchange.com; dkim=neutral (no sig)
Received: from 127.0.0.1  (EHLO cron.prod.aws.redsrci.com) (54.173.171.194)
  by mta1018.tnz.mail.aue.yahoo.com with SMTPS; Wed, 28 Sep 2016 06:33:10 +0000
Received: from cron.prod.aws.redsrci.com (localhost [127.0.0.1])
	by cron.prod.aws.redsrci.com (8.14.4/8.14.4) with ESMTP id u8S6X6VQ018169
	for <abcdefghiji@xyza.cd.mm>; Tue, 27 Sep 2016 23:33:06 -0700
Date: Tue, 27 Sep 2016 23:33:06 -0700 (PDT)
From: Experts Exchange <noreply@experts-exchange.com>

Open in new window

0
 
LVL 47

Assisted Solution

by:dbrunton
dbrunton earned 250 total points
ID: 41819315
You can do this with your message.  Check the Received field and see if it comes from Yahoo.  If it doesn't then it is spam or phishing.
0
IT, Stop Being Called Into Every Meeting

Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

 
LVL 61

Accepted Solution

by:
btan earned 250 total points
ID: 41819520
From the "Recent Activity" you should be able to see the IP. See

http://aruljohn.com/info/yahoo-mail-login-activity/

You can click on location to switch to IP addresses instead of country which you should to to make sure that only IP addresses associated with your Internet connection have been used to log in.

Also you can checked on below on your email account to see if there is indicator of your account being leaked.

https://haveibeenpwned.com
0
 
LVL 1

Author Comment

by:marrowyung
ID: 41821167
"From the "Recent Activity" you should be able to see the IP. See

http://aruljohn.com/info/yahoo-mail-login-activity/"

yes i saw that, but by using that Ip address, I can't find exactly where is this guy and what is the hostname, hostname very important.

what if it is one of our PC
?

"Also you can checked on below on your email account to see if there is indicator of your account being leaked.

https://haveibeenpwned.com"


how can it make sure that?
0
 
LVL 47

Expert Comment

by:dbrunton
ID: 41821256
Read about Have I Been Pwned here  https://en.wikipedia.org/wiki/Have_I_Been_Pwned%3F
0
 
LVL 1

Author Comment

by:marrowyung
ID: 41821263
the only thing left is Yahoo can't show me the hostname of the Device which tried to login to my yahoo account, and accurate location. right?
0
 
LVL 61

Expert Comment

by:btan
ID: 41821270
There is best effort with ip address which cannot attribute to specific details. It may also be the IP is not the actual machine.. Even the service to check is by security researcher own effort to share dump of leaked email accounts. It is just best efforts.
0
 
LVL 1

Author Comment

by:marrowyung
ID: 41825950
"There is best effort with ip address which cannot attribute to specific details. It may also be the IP is not the actual machine.."

but having that extra information is the best ! I can guess who use this PC as that kind of people might use sth close to thier name.

IP, who know who use that IP.
0
 
LVL 1

Author Comment

by:marrowyung
ID: 41825951
not much can be found out sir'
0
 
LVL 1

Author Closing Comment

by:marrowyung
ID: 41825952
tks all.
0

Featured Post

Highfive + Dolby Voice = No More Audio Complaints!

Poor audio quality is one of the top reasons people don’t use video conferencing. Get the crispest, clearest audio powered by Dolby Voice in every meeting. Highfive and Dolby Voice deliver the best video conferencing and audio experience for every meeting and every room.

Join & Write a Comment

This story has been written with permission from the scammed victim, a valued client of mine – identity protected by request.
Nothing in an HTTP request can be trusted, including HTTP headers and form data.  A form token is a tool that can be used to guard against request forgeries (CSRF).  This article shows an improved approach to form tokens, making it more difficult to…
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, Just open a new email message.  In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
This video shows how to remove a single email address from the Outlook 2010 Auto Suggestion memory. NOTE: For Outlook 2016 and 2013 perform the exact same steps. Open a new email: Click the New email button in Outlook. Start typing the address: …

746 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

13 Experts available now in Live!

Get 1:1 Help Now