Restoring files accidentally deleted from a local storage device is not difficult when you have access to a reliable backup. On the other hand, a different strategy is needed when the lost data involves thousands of contacts and emails and none of this information is kept and stored on a local machine.
One of my small business clients faced this predicament recently. The missing data involved all her emails and contacts that had evaporated from Yahoo’s mail server as a result of a malicious link on a spam message or web page. Activating this link set off a chain of events where a fake email address was inserted into her Reply-to message window and her Yahoo account began to send out bogus emails (“Help me, I’m stranded here in the Philippines”) to everyone in her contact list.
I was first alerted to a Yahoo Mail security hole ever since another consultant brought up the subject right after the following article was published:
Yahoo Mail users hit by widespread hacking, XSS exploit seemingly to blame
The Next Web
Jan. 7, 2013
When I was notified about my client’s mail problem, she was traveling out of the country on business and my only contact was by phone and email. Authenticating to her Yahoo account and deleting the bogus Reply-to address constituted the first order of business. After removing the bogus address in Yahoo’s Account settings screen, I found and deleted the fake Philippines letter that was present in the Drafts folder. Afterward, I conferred with the client in helping her change her email password to a string that was stronger and more difficult to hack.
Checking online, I learned that Yahoo only offers web-based support for its free email account holders. To restore my client’s contact information, I submitted the Yahoo Contacts Restore Form on her behalf. After a wait of 8-10 hours, the missing contacts eventually reappeared in her Yahoo account.
While I seriously considered the idea of submitting the standard mail restore request form available on Yahoo’s website, the following text held me back from taking immediate action:
“We can only restore messages that were lost in the last 48 hours [and] We can’t guarantee a successful restore.”
When I mentioned these words over the phone to my client, she understandably was upset and wanted a better solution, such as talking to someone at Yahoo who could take action, as she had years of emails saved in customized folders.
In response, I posted notices about the email problem on discussion boards as well as Facebook and LinkedIn. A computer consultant replied that in years past that he had been successful in recovering all his Yahoo mail, not just those within the last 48-hour period. That conversation offered a ray of hope.
Upon further investigation, I realized that my client had a Yahoo small business account that she had registered under her domain name. With that in mind, I searched online and located a support phone number for Yahoo business customers. I called that number and explained the situation to the support representative who answered the phone. After I supplied answers to the security questions that my client had provided to me, the support rep advised me to make sure that any important emails that were still visible in the client’s inbox had been backed up before going ahead with the message restore. This step mandated that I end the call prematurely and call the client back to determine which emails needed to be saved (turned out there were only three). I forwarded those messages to myself with the intention of forwarding them back to the client once the data restoration process had been completed.
Ending my conversation with my client, I called the Yahoo business support number again and spoke with a different representative. After I gave her the case number and providing answers to the security questions, she proceeded to initiate the data restore from her end. In our conversation, she mentioned that it isn’t customary for Yahoo to provide phone support of this nature for free email account holders and that she offered to help because my client was a business customer.
After a brief waiting period, the Yahoo rep announced that she had restored my client’s messages based on the parameters that I had supplied (restore mail from 12-16 hours ago). I verified that the missing messages and folders had been restored. After ending my call with Yahoo, I sent an email to my client telling her that her emails had been restored. She was happy and greatly relieved.