Monday, May 16, 2022
Yahoo spear phishing attack
Yahoo spear phishing attack

New Phishing attack targets Yahoo! users

Security specialists are cautioning users of British Telecom (BT) Yahoo! as well as the usual Yahoo! Mail for being vigilant of fake notifications wherein they are directed for confirming their account details, thus published in news on February 28, 2013.

Titled as “Final warning!!!” the scam electronic mail addressing the recipient as ‘customer,’ tells him that his incoming e-mails have been put on hold owing to the e-mail client’s recent upgrade. Consequently, he requires validating his account for having his mail work like before via clicking on a web-link embedded on the message, the e-mail states.

But upon doing so, users are led onto one site which mimics the login page of Yahoo. Notably, the URL in the web-link is totally unrelated to the actual Yahoo as also it’s unsecured thus making the given Yahoo! site wholly fake.

Meanwhile, users who may submit the username and password of their Yahoo account into the login area of the bogus website would automatically and quickly get navigated onto the actual Yahoo website. Thinking that there’s been certain unimportant glitch, many users may once more enter their login details, however, inside the original Yahoo! website devoid of paying considerable attention to the problem of dual login. As a result, the login details will get transferred onto an unintended destination where the perpetrators of the phishing scam wait to grab the information, security specialists emphasize.

And soon as the information is collected, cyber-criminals will access their victims’ Yahoo! accounts, change the passwords thereby blocking the actual account-owners’ access to the accounts followed with utilizing the compromised accounts for more scam and spam operations, alternatively just trade the data with other scammers.

Thus, according to the experts, anyone getting victimized with the current scam must reset his passwords instantly, as well as for a single password to log into several accounts they must reset each of them.

In the meantime, in a similar phishing scam supposedly from Yahoo! however, really from online fraudsters, back in April 2012, the phishing electronic mail masquerading as Yahoo! suggested clients for adopting the latest Yahoo Mail upgrade, experts said.


About FastFlux

Owner of ZeroSecurity, interested in programming, malware analysis and penetration testing. If you would like to write for the ZeroSecurity team, please use the contact form above.

Check Also

Amazon hacked – hacker leaks 80,000 login credentials

A hacker going by the name 0x2Taylor has said to have breached the servers of …