Yahoo phishing scam
November 21st, 2007
I got the following email in one of my Yahoo accounts today.
Subject: Yahoo!!!Unused Account Removal Confirm Your Account
Dear Account User
This Email is from Yahoo! Customer Care and we are sending it to every Yahoo! Email User Accounts Owner for safety. we are having congestions due to the anonymous registration of Yahoo! accounts so we are shutting down some Yahoo! accounts and your account was among those to be deleted.We are sending you this email to so that you can verify and let us know if you still want to use this account.If you are still interested please confirm your account by filling the space below. Your User name,Password,Date Of Birth (DOB) and your Country information would be needed to verify your account.Due to the congestion in all Yahoo! users and removal of all unused Yahoo! Accounts, Yahoo! would be shutting down all unused Accounts, You will have to confirm your E-mail by filling out your Login Information below after clicking the reply button, or your account will be suspended within 24 hours for security reasons.
* User name: …………………………
* Password: …………………………..
* Date of Birth: ……………………….
* Country Or Territory: …………….
After following the instructions in the sheet, your account will not be interrupted and will continue as normal. Thanks for your attention to this request. We apologize for any inconveniences.
Warning!!! Account owner that refuses to update his/her account after two weeks of receiving this warning will lose his or her account permanently.
___________________________________________________________________________________
Copyright © 2007 Yahoo! Inc. All rights reserved. Copyright/IP Policy | Terms of Service | Guide to Online Security
NOTICE: We collect personal information on this site.
To learn more about how we use your information, see our Privacy Policy
Despite the fact that the email appeared to be from Yahoo, reading the full headers of the email makes it clear that the originating email address was not from the yahoo.com domain. Even without that clue, however, I knew this was bogus. No one from Yahoo will be sending an email to you, without the name your account is in, asking for your password.
Never, ever reply to such mail in any way, including clicking any links that promise to remove your info from their list. In this case, since it was sent to a Yahoo account, and purported to be Yahoo, I wanted to alert Yahoo about the incident, so that (hopefully) action could be taken against the sender. I made sure to paste in the Full Headers of the email, and forwarded it to mail-spoof(at)cc.yahoo-inc(dot)com.
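The header check described above can be scripted. The following is an added example, not part of the original post: it compares the domains in Return-Path and Reply-To against the domain the message claims to come from, and flags a body that asks for a password. The sample message, its header values, and the function names are constructed for illustration.

```python
from email import message_from_string
from email.utils import parseaddr

# Constructed sample: header values are invented (example.net/.org are reserved domains).
SAMPLE = """\
Return-Path: <bulk@mailer.example.net>
Received: from mailer.example.net (mailer.example.net [192.0.2.10])
\tby mx.example.org; Wed, 21 Nov 2007 10:00:00 -0000
From: "Yahoo! Customer Care" <care@yahoo.com>
Reply-To: verify-team@example.net
Subject: Yahoo!!!Unused Account Removal Confirm Your Account

Dear Account User
You will have to confirm your E-mail by filling out your Login Information below.
* User name:
* Password:
"""

def domain_of(value):
    """Return the lowercased domain of the address in a header value, or ''."""
    addr = parseaddr(value or "")[1]
    return addr.rpartition("@")[2].lower() if "@" in addr else ""

def same_org(domain, expected):
    """True if domain is the expected domain or a subdomain of it."""
    return domain == expected or domain.endswith("." + expected)

def check_headers(raw, expected="yahoo.com"):
    """List the warning signs found in a raw message that claims to be from `expected`."""
    msg = message_from_string(raw)
    findings = []
    # Return-Path shows the envelope sender; Reply-To is where a reply would go.
    for header in ("Return-Path", "Reply-To"):
        d = domain_of(msg.get(header))
        if d and not same_org(d, expected):
            findings.append(f"{header} domain {d} is not {expected}")
    if not same_org(domain_of(msg.get("From")), expected):
        findings.append(f"From domain is not {expected}")
    # A request for the account password is a warning sign on its own.
    if "password" in msg.get_payload().lower():
        findings.append("body asks for a password")
    return findings

if __name__ == "__main__":
    for finding in check_headers(SAMPLE):
        print(finding)
```

A Return-Path mismatch alone can be legitimate (bulk mail services use their own bounce domains), so treat it as one signal alongside the others rather than proof.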
phishing
An attempt to steal passwords and private account information through fake web sites and emails that look like those of trusted companies. A phishing web site or email can look identical to the real thing, so it can be hard to tell that it’s fake. Phishing schemes can also use instant messages, typically when an account is compromised. In this case, the fraudster sends phishing messages to the contacts in the account’s Messenger or friend list.