Users of Yahoo Targeted by Phishing Email Campaign
Hotforsecurity.com published news during second week of December 2014 quoting a warning of security firm Bitdefender as "Yahoo users are being targeted by a new phishing email campaign which helps hackers to seize their credentials and hijack accounts.
The phishing campaign starts by sending messages bypassing the anti-spam filters of the email provider (Yahoo) to reach Inbox folder. Security vendor says that the e-mails pose as "mail activity reports" and copy the format of Yahoo email to look genuine.
The fake email warns users that their storage limits have been surpassed and need a free upgrade to continue the usage of Yahoo Mail. An inserted malicious link quickly redirects to a copycat sign-in page which tricks innocent users into giving their passwords and usernames.
Security experts insists that good-quality third party software can help you to identify a scam email.
Moreover, the grammar used in such email is so awkward and the punctuation with all over wrong capitalization and nonsensical marks is a clear indication of a fake email.
Further, Yahoo would never provide a link in an email (like in the above case) and ask for information like passwords and usernames with such emails.
Most of the phishing attacks are careless and dumb like this one but they are effective because they make users afraid of losing a favorite online service. Experts add that phishing has been around for many years and remains a persistent e-threat.
Experts advise that if you receive an email which requests you to sign in somewhere, then you must check the email address, content and the format very carefully before you actually click.
Moreover, this is not the first time that Yahoo has been attacked by such phishing campaign because in April 2012, security pundits intercepted phishing emails seems to be from Yahoo claiming that the limit of email account of the recipient has been exceeded and giving a warning that the account will be suspended if it is not verified within 24 hours by the account's holder. The email however, when examined thoroughly was nothing but an attempt by phishers to gather account details of users.