OK folks, in 2013 I would have assumed that the following post would NOT be necessary; unfortunately, I am discovering that I was wrong in my thinking, so here goes. If you see it on the internet (which includes email, social media, websites), it does NOT MEAN IT’S REAL!!!!!!!
A number of people have recently contacted me because they lost access to their Yahoo accounts. Without explanation, one day the users could log in, the next day the “password was wrong” and they didn’t have access to their accounts anymore. In doing some research, because it isn’t normal for multiple clients to have the same password issue within days of each other (it really isn’t), I came across what I believe to be the offending email that triggered the problem.
At least 2 of the affected clients admitted to receiving the following email (as shown above), and also admitted that they believed it was true and clicked on it. Unfortunately, even though this looks like a legit email, IT ISN’T. So let’s review the email and look at a few details that were found in the email source information (as shown below).
Email Showing Source Information
As you can see, the “From” address is @sbcglobal.net (probably someone else who has had their account compromised), and the link address takes you to a page that looks just like a Yahoo page but is in fact not a Yahoo address. (The offending page has been taken down as of this post.)
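The two source-level checks described above (who the message is really from, and where its links really go) can be automated. The following is an added example, not part of the original post: the sample message is constructed, `example.net` and `example.org` are reserved placeholder domains, and the function names are hypothetical.

```python
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed sample, not the email from the post. example.net and
# example.org are reserved placeholder domains.
RAW_EMAIL = """\
From: "Yahoo! Account Services" <someone@example.net>
Subject: Verify your Yahoo! account
Content-Type: text/html; charset="utf-8"

<html><body>
<a href="http://login.yahoo.com.example.org/verify">https://login.yahoo.com/</a>
<a href="https://help.yahoo.com/">Help</a>
</body></html>
"""

class LinkCollector(HTMLParser):
    """Collect the real target (href) of every <a> tag, ignoring link text."""
    def __init__(self):
        super().__init__()
        self.hrefs = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.hrefs.extend(v for k, v in attrs if k == "href" and v)

def host_belongs_to(host, brand_domain):
    """True only if host is brand_domain itself or a subdomain of it."""
    host = (host or "").lower().rstrip(".")
    return host == brand_domain or host.endswith("." + brand_domain)

def review_message(raw, brand_domain="yahoo.com"):
    """List sender and link hosts that are not under brand_domain."""
    msg = message_from_string(raw)
    findings = []
    sender_domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    if not host_belongs_to(sender_domain, brand_domain):
        findings.append(("from", sender_domain))
    collector = LinkCollector()
    for part in msg.walk():  # covers single-part and multipart messages
        if part.get_content_type() == "text/html":
            collector.feed(part.get_payload(decode=True).decode("utf-8", "replace"))
    for href in collector.hrefs:
        host = urlsplit(href).hostname
        if not host_belongs_to(host, brand_domain):
            findings.append(("link", host))
    return findings
```

The suffix comparison matters: a host that merely contains `yahoo.com` somewhere in its name is still flagged, while a genuine subdomain such as `help.yahoo.com` is not.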
The goal of the scammer is to try to hijack your email address, so that they can spam all your contacts and then use your account to spam hundreds/thousands of others. Getting control of your account is how they cover their tracks. Always keep in mind that neither Yahoo nor any email provider, nor any bank, nor for that matter any responsible company that has a web presence anywhere in the world will EVER ask you for your password, PIN, mother’s maiden name, date of birth, or anything of that nature via an email. NO EXCEPTIONS NEVER NEVER NEVER. You should ignore and delete any of those emails immediately.
If you have responded to a scammer, you are putting yourself on their ‘potential sucker’ list, which means they will try to target you again because you will seem like an easy target. You will see more emails from the scammer (using other email addresses and other fake names) with all kinds of stories of needing your password, great jobs, lottery winnings, millions in the bank and desperate, lonely, sexy singles. In addition, the scammer will also sell your email address (anything to make a buck) to all his scamming buddies, who will also send you dozens of fake emails, all with the exact same goal of tricking you again to either get more access to your accounts or to get money from you.
Protecting yourself from “phishing” or “spoofing”
(The following information comes from Yahoo! Help (http://help.yahoo.com/kb/index?page=content&y=PROD_ACCT&locale=en_US&id=SLN2092&impressions=true))
Refers to: Yahoo! Account, Mail, Mail Classic, Mobile Mail
“Phishing” or “spoofing” are terms used to describe attempts by fraudsters to steal someone’s important online information, such as passwords and private account information.
How fraudsters can steal your information:
- Fake websites and emails: They set up fake websites or email addresses that look exactly like those of trusted companies.
- Trick you into giving them your information: With these fake websites, they trick people into disclosing their information, such as a user name and/or a password.
- They can look just like a real website: It’s hard to tell that you are on a fraudulent website as they can look nearly identical to the real thing.
If you think you’ve been phished:
- Change your password immediately: We recommend that you immediately change your password. For instructions, see our help page about how to change your password (http://help.yahoo.com/kb/index?page=content&id=SLN2035).
Learn more about protecting yourself:
- Visit the Yahoo! Security Center: Go to the Yahoo! Security Center (http://security.yahoo.com/) to see more information on different ways that you can protect yourself while online.
- Use a Yahoo! sign-in seal: Once you create a sign-in seal, Yahoo! Sign-in pages will display your sign-in seal so you’ll know you’re on a legitimate Yahoo! site. Learn how to create yours on our help page about creating a sign-in seal (http://help.yahoo.com/kb/index?page=content&id=SLN2089).
What you can do to protect yourself on the web
- Emails – Before responding to any email asking for information, go to your favorite search engine (Google, Bing, Yahoo!, Ask, etc.) and search for information from the email. You can search for things like “Yahoo account verification email (https://www.google.com/#hl=en&sugexp=les%3Bcqn%2Crate_low%3D0.035%2Crate_high%3D0.035%2Cmin_length%3D2%2Ccconf%3D1.2%2Csecond_pass%3Dfalse%2Cnum_suggestions%3D1%2Cignore_bad_origquery%3Dtrue%2Conetoken%3Dfalse&gs_rn=0&gs_ri=hp-qn&tok=DMp3jD4DRbwkxsYI5g12bw&cp=27&gs_id=24&xhr=t&q=yahoo+account+verification+email&es_nrs=true&pf=p&safe=off&tbo=d&sclient=psy-ab&oq=yahoo+account+verification+&gs_l=&pbx=1&bav=on.2,or.r_gc.r_pw.r_cp.r_qf.&bvm=bv.41524429,d.b2I&fp=a4515464a2207b62&biw=1280&bih=923)”, and you will find many others with posts about the scams. In your searches you can always include website addresses, names used, companies mentioned, phone numbers given, all email addresses, even sentences from the emails that look suspicious.
- Links – When in doubt, don’t click on a link, type it out. Bad guys have tricks they can use when you click on links to redirect your page, so that it looks like you’re on a legit page when in fact you are not.
- Don’t bother trying to unsubscribe from scam emails; it isn’t worth your effort. The scammer has one job in life: convincing victims to send in their data or their hard-earned cash. Hitting unsubscribe only sends a notice to the scammer telling them that your email address is legit and in use.
- Don’t just randomly share / forward offers for “free ipads” or “save a child” that you don’t really know, before doing your research to verify their legitimacy. That rule is for social media as well as emails.
- If you sign into your email using firstname.lastname@example.org and your password is 191919, do not use the same password when you set up your bank account. If a scammer gets access to your email, they will see your emails; if you happen to have an email from your bank, they will see what bank it is; and if you have the same user name and password at the bank, guess what: they are in and will have full control of your bank account as well. The same rule applies for Amazon, iTunes or any other site where someone could spend money (or more specifically, your money). You don’t want to make it that easy for them.