COVID19 Work From Home Tip #2: Stop Using Bellsouth Email
photo: Rubén Bagüés
If you have a Bellsouth or ATT email account: consider yourself warned!
Bellsouth and ATT email is NOT SAFE
[UPDATE: My original newsletter only specified Bellsouth accounts having this problem, but several clients with ATT accounts checked in with me and it became clear that ATT email is also vulnerable for the same reasons. So everywhere below that you see “Bellsouth” read it as “Bellsouth and ATT”…]
Today’s “digital safety” recommendation may not seem to apply to all of you, but if you have an @bellsouth.net or @att.net email address, or you have a friend or family member (or colleague) who does, please keep reading.
Here’s the problem with Bellsouth email accounts: they do not offer ANY kind of multi-factor authentication (MFA or ‘2 factor authentication’ etc.). If you have ever logged into a bank or credit card website or some site where they send you a code via email, text or phone call to confirm your identity: THAT is what I’m talking about.
Without any multi-factor authentication in place, ANYONE could attempt to log into a Bellsouth email account, and the owner would have NO IDEA it was happening. And sure, you’d think that the account would be secure if it had an awesome password–maybe that’s true, but I can tell you this: basically EVERY TIME a client calls me with a hacked email account, it’s a Bellsouth account. So either those people aren’t using difficult-to-crack passwords, or they’ve exposed their password somehow, or they’ve used that same email/password combo at another site that has had a security breach… OR, perhaps, Bellsouth might have had one or more hacks into their system. I honestly don’t know which of those is most likely, but the point is that whether a Bellsouth email account user has a weak or compromised password, there is no way for them to know if someone unauthorized is signing into their account. And there’s no way to stop someone with that password from getting in and making all kinds of changes, using the account for nefarious means, and blocking the owner from even gaining access to their own email.
It gets worse.
At some point, Bellsouth, AT&T and Yahoo all had some kind of messy merger of their services. (I think it’s even more complicated than that, and Verizon may be involved too.) It’s very confusing and has only gotten more complicated moving forward. I recently tried to recover a hacked email account for a client of mine with a Bellsouth account, and found that the Yahoo settings had the hacker’s email address as the recovery email for the account. But because it was a Yahoo account tied to a Bellsouth account, there was no way to remove or change that recovery email address! So that’s at least one ‘back door’ into the Bellsouth account that *cannot* be closed! (Not to my knowledge, anyway; if you know how to fix that, PLEASE tell me. I need to share that info ASAP.)
In a best case scenario, a hacked Bellsouth account is just sending out spam, which risks getting the address added to a black list that other hosts will use to stop incoming spam. The hacker will probably add an email account of their own as the Reply To address for your outbound email, so that any replies to their spam (and your legitimate emails) will not get back to you, keeping you from discovering the hack. You might find that people aren’t getting your emails, which can be a clue that something is wrong. Or you might also discover you can no longer check your own email, meaning that your password has been changed without your knowledge. And depending on how well you remember your security questions and security PIN, you might have a difficult time getting back into your account, or an EXTREMELY difficult time getting back into your account.
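One way to catch the Reply To change described above is to audit the headers of messages exported from the Sent folder. This is an added example, not part of the original post; the addresses, sample messages and the `audit_reply_to` helper are constructed for illustration.

```python
from email import message_from_string
from email.utils import getaddresses

# Addresses the account owner controls (constructed). The second one is a
# new mailbox deliberately set as Reply-To while moving providers.
OWNER_ADDRESSES = {"pat@bellsouth.example", "pat@newmail.example"}

# Constructed sample of sent messages as raw RFC 5322 text.
SENT = [
    "From: Pat <pat@bellsouth.example>\nSubject: lunch\n\nhi\n",
    "From: Pat <pat@bellsouth.example>\nReply-To: pat@newmail.example\n"
    "Subject: new address\n\nI am moving.\n",
    'From: Pat <pat@bellsouth.example>\nReply-To: "Pat" <Pat.Smith@Mailbox.Example>\n'
    "Subject: invoice\n\nsee attached\n",
    "From: Pat <pat@bellsouth.example>\n"
    "Reply-To: pat@newmail.example, x9@other.example\nSubject: re: photos\n\nok\n",
]


def addresses(msg, header):
    """Return the lower-cased addresses from every occurrence of a header."""
    return {addr.lower() for _, addr in getaddresses(msg.get_all(header, [])) if addr}


def audit_reply_to(raw_messages, owner_addresses):
    """List (index, subject, foreign addresses) for each message whose
    Reply-To names an address the owner does not control."""
    owned = {a.lower() for a in owner_addresses}
    findings = []
    for index, raw in enumerate(raw_messages):
        msg = message_from_string(raw)
        # A display name that looks right ("Pat") does not matter; only
        # the actual address decides where replies are delivered.
        foreign = addresses(msg, "Reply-To") - owned
        if foreign:
            findings.append((index, msg.get("Subject", ""), sorted(foreign)))
    return findings


if __name__ == "__main__":
    for index, subject, foreign in audit_reply_to(SENT, OWNER_ADDRESSES):
        print(f"message {index} ({subject!r}): replies go to {', '.join(foreign)}")
```

A message with no Reply To header, or one that points only at the owner's own addresses, is not reported; a list that mixes an owned address with an unknown one is.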
What should you do?
The first thing you should do is get another email account (free, or paid). It doesn’t matter if it’s Gmail from Google, or Outlook from Microsoft, or Zoho Mail or the security-conscious ProtonMail or anyone else, as long as the accounts have multi-factor authentication of some kind. You NEED TO KNOW if someone is logging into your account, first of all, and requiring the security code to complete logging in means that an unauthorized person is less likely (or not likely) to get in even if they do have your password.
After you get a new email account somewhere safe, you can choose to use your Bellsouth account strictly for unimportant personal use only (hopefully with regular password changes using strong, lengthy passwords). Some services will let your new account check the Bellsouth account for you, pulling its messages into your new account and allowing you to send new email from the Bellsouth account. I’d recommend alerting everyone that you’re moving to a new email provider, telling them why, giving them your new email address, and making the Reply To email address for all outbound Bellsouth emails your NEW email address. That way you can begin moving towards a much safer online experience for you and your contacts.
If you insist on continuing to use a Bellsouth account for email, you should NEVER use it for anything important such as online accounts for banks, credit cards, anywhere you might make a purchase and store payment details, etc. Because remember, many such sites use your email address to recover or change the password for the account. And if someone is between you and your Bellsouth email account, they can potentially intercept any email you receive, use the information in it and delete it before you even see it. It’s an entry point into all kinds of identity-theft shenanigans, and things can get messy very quickly. Honestly, it’s just a bad idea to use a Bellsouth account for any reason, because you’re increasing the odds that something bad could happen to someone you know who may get an email from you with a link containing malware, or they may fall for a phishing attack and give up account details of some kind… who knows.
Please send me any tech-support questions you’d like me to discuss in a future post. Email: email@example.com
Thanks for reading, everyone–be safe out there, and don’t touch your face! Hoping you and your loved ones are all safe and healthy, for as long as possible…