Skip to main content

Phishers Target Yahoo Mail Users

Phishing attacks are usually easy to avoid, but as long as people keep falling for them, scammers will keep using them. A recent con targets Yahoo Mail users, but despite an ever-so-slightly convincing layout, avoiding it is not difficult, especially if you have Internet security software installed.

Information about the attack comes from Bucharest-based security company Bitdefender's HotforSecurity blog. Yahoo Mail users receive an email from "Yahoo!" entitled "Mail Activity Reports." The first giveaway is that despite the Yahoo! username, the attacker's email address does not match the official Yahoo Mail account.

MORE: 100+ Tech Gift Ideas for Holiday 2014

The email warns users that their storage limits have been surpassed, and that will need a free upgrade to continue using Yahoo Mail. An embedded link takes them to an "upgrade" site, which asks them to sign in with their Yahoo credentials. Cybercriminals then steal the credentials and use it to access users' email records, personal information and financial statements (if possible).

Bitdefender's blog points out that Bitdefender software blocks the malicious site by default, but you don't actually need third-party software to know that this is a scam. For one thing, the grammar is awkward, and the punctuation is all over the place, with errant capitalization and nonsensical marks. Furthermore, Yahoo would never provide a link without writing out the URL for users who prefer (wisely) to not click text links in emails.

Most phishing attacks are dumb and careless, just like this one, but they work because they make users fearful of losing a favorite online service. If you get an email that requests that you sign in somewhere, make sure to check the email address, the content and the format very carefully before you actually click through.

Marshall Honorof is a Staff Writer for Tom's Guide. Contact him at mhonorof@tomsguide.com. Follow him @marshallhonorof. Follow us @tomsguide, on Facebook and on Google+.