Another phishing scam is targeting Yahoo users

A new phishing scam is targeting Yahoo users worldwide, this campaign could be ineffective if we share awareness about bad actors’ TTPs.

A new large-scale scam is trying to deceive Yahoo users that are receiving a phishing email that asks for “Yahoo Account Confirmation.”

The phishing email claims to be sent by Yahoo, it requests to the owners of accounts to access their profile to solve a security issue. The phishing message invites Yahoo users to click on the “Authentication Page” button included in the message for fixing the security issue.

As usual the attackers behind the phishing campaign used social engineering techniques to convince victims to click on the button in order to authenticate themselves to the Yahoo platform.

The message urges users to complete the authentication procedure in order to avoid the suspension of the account.

“your account will be blocked within 48 hours and you won’t be able to send or receive emails.”

 

By clicking on the button embedded in the malicious emails, users are redirected to a fake website that appears as an exact copy of the legitimate one.

The bogus page will ask Yahoo users for their Yahoo ID and Password, of course, bad actors managing the campaign aim to collect users’ credentials and any other information that could allow them to compromise the Yahoo account.

The hijacked Yahoo account could be sold in the underground or could be used to send out other scam messages and spam emails on behalf of the victims.

As usual let me suggest you to avoid opening any unsolicited email that ask you to perform an action urgently. Never open any attachment neither click on a URL embedded in the body of the messages.

If you know the TTPs of your enemy you will avoid problems 😉

Pierluigi Paganini

(Security Affairs –  Yahoo, scam)