Cybercriminals have launched a new Yahoo phishing campaign which is trying to lure unaware users to a malicious phishing page by claiming that their Yahoo account has some security issues and that they need to follow a account confirmation procedure in order to not get blocked within 48 hours (two days).
The phishing mail contains the official logo of Yahoo and it also contains a button that is loaded with a hyperlink. Once the “Authentication Page” button has been clicked, the user will be navigated to Yahoo phishing page.
The Yahoo phishing page will collect any type of information which is passed via the website. The phishing page looks like the official Yahoo login screen but once you take a look at the domain name, you will see that you are not actually on the official Yahoo website.
The scammers and cybercriminals use the obtained information to hijack the Yahoo accounts of unaware and infected users. Once the cybercriminals gain access to the Yahoo account, they will use the account to spread their campaign. They will be able to use the contact list for future phishing campaigns.
So if you think that you have participated in a phishing scam, then immediately change your password by navigating to the official website and make sure that you inform your environment about possible malicious emails that might be send to them.
Yahoo Phishing email example
Below, you are able to see the malicious phishing email which we received. The scammers claim that our Yahoo account has some serious security issues and that we need to resolve them within 48 hours.
Subject: Account confirmation
Your account has some security issues. You would be blocked from sending and receiving emails if not confirmed within 48hrs of opening this automated mail.
You are required to fix the issues though the authentication page below