Cybercriminals have launched a new Yahoo phishing campaign which is trying to lure unaware users to a malicious phishing page by claiming that their Yahoo account has some security issues and that they need to follow a account confirmation procedure in order to not get blocked within 48 hours (two days).
The phishing mail contains the official logo of Yahoo and it also contains a button that is loaded with a hyperlink. Once the “Authentication Page” button has been clicked, the user will be navigated to Yahoo phishing page.
The Yahoo phishing page will collect any type of information which is passed via the website. The phishing page looks like the official Yahoo login screen but once you take a look at the domain name, you will see that you are not actually on the official Yahoo website.
The scammers and cybercriminals use the obtained information to hijack the Yahoo accounts of unaware and infected users. Once the cybercriminals gain access to the Yahoo account, they will use the account to spread their campaign. They will be able to use the contact list for future phishing campaigns.
So if you think that you have participated in a phishing scam, then immediately change your password by navigating to the official website and make sure that you inform your environment about possible malicious emails that might be send to them.
Yahoo Phishing email example
Below, you are able to see the malicious phishing email which we received. The scammers claim that our Yahoo account has some serious security issues and that we need to resolve them within 48 hours.
Subject: Account confirmation
Your account has some security issues. You would be blocked from sending and receiving emails if not confirmed within 48hrs of opening this automated mail.
You are required to fix the issues though the authentication page below
Thanks for using Yahoo!
The example above is a Phishing attack, it is possible that cybercriminals and hackers will use spear-phishing attacks to obtain specific information.
Phishing email example 2
Dear Yahoo user,
Your recent messages are pending, because your storage limit has surpassed.
You need to upgrade mail storage(For free). To restore normal message delivery.
Use this link to upgrade_quota
Spear phishing attacks are often used by cybercriminals when they want to target a specific organization or environment. The cybercriminals behind a spear phishing campaign will make sure that they have all the information which will allow them to increase their hit rate. They will investigate the company website and employees for vulnerabilities and information. Information like email addresses are collected from open source environments like the company website and linkedIn. The collected information will then be used in the spear phishing campaign.
The spear phishing campaign will also use aspects that are known to the targeted environment. For example, they will claim that they are the IT support team from the IT service provider that provides the service to the company.
So please stay vigilant and aware, the scammers will often try various techniques and messages to lure unaware users to their malicious page.