Yahoo users are again slammed by fraudsters who steal their credentials and block their accounts. The e-mails look like coming from a biology education platform, and warn users their accounts were deleted. The phishing messages manage to avoid the e-mail provider’s antispam filters and flood many inboxes.
Users are tricked to give away their credentials with well-crafted e-mails about a fake “Yahoo! Email Deletion.”
“Dear Subscriber, you requested your Email Account on April. 01, 2013 at 03:07 PM CS to be deactivated and deleted from a location with this IP number; 18.104.22.168,” the phishing messages read. “Click on [link removed] to cancel this request; else your email account will be deactivated and deleted within 24 hours.”
Scammers even warn victims to be mindful about the dangers they’re exposed to online. “Do not share your password with anyone for your security purpose,” the bogus e-mails read. Fraudsters also thank their victims for being “loyal Yahoo! Mail users.”
At the same time, e-mails purportedly from PayPal trick users with a similar “deletion” scam, Hoax Slayer reports. Cyber-criminals manage to steal their login details through a message that replicates official e-mails of the payment company. PayPal is one of the most targeted organizations in phishing attacks.
The year didn’t start well for Yahoo users, whose accounts were hijacked via an XSS-type attack. Scammers gain control over the victims’ contact list, using it to send spam and even malware-embedded links.
In 2012, Yahoo users were also targeted by several phishing attacks. The most “iconic” scammer was posing as the company’s manager, promising clients a significant prize from an e-mail registered at rival service Gmail.