Yahoo Users are Targeted by Phishing E-mail Campaign

A new phishing email attack is currently trying to con Yahoo users into handling over their account details, warn researchers with Zscaler ThreatLabz.

The email has a spoofed FROM address (@yahoo.com) with title: "Last warning!! Update Now".

The text of the phony emails tells its recipients that they have one essential email alert. As a result, it (Yahoo) suggests the mail recipients to update their account and rectify the problem.

The recipients are told to click on a link http://update.yahoo.com/ so as to move on. They are threatened that if they fail to do this their account will be discarded or deactivated.

The email ends with formal thanks for recipients' co-operation.

The email concludes with regards from Yahoo! Mail Account Services.

Users who end up clicking on the link contained within the email are taken to a phishing page.

Besides, spoofing the Yahoo message and login systems, the attack seems to capitalize on confusion lingering of changes at Yahoo to latest services and interfaces.

The Yahoo mail classic interface is now being closed by Yahoo and Yahoo is also forcing subscribers to their latest email platform," said Julien Sobrier a Researcher with Zscaler ThreatLabz, as published by v3.co.uk on June 6, 2013.

The attack can also con users confused about the shift, many websites are undertaking to new security podium and protections. Although the starting of 2FA or two-factor authentication has been extensively hailed by experts as a precious extra security feature, puzzlement over how many such machines will rollout can leave users in danger.

Two-factor authentication or 2FA has been in the reports a little lately as Twitter and LinkedIn have begun to suggest the feature, explained Sobrier, in another statement published by research.zscaler.com on June 4, 2013. "We observed an instance whereby a cyber crook actually took benefit of the news of 2FA to help in an attack."

Conclusively, it is not the first time that Yahoo subscribers have been targeted by phishing scam. In April 2012, email supposing to be from Yahoo declaring that users email account limit have been crossed and warning that the account will be deferred if it is not confirmed within 24 hours were found.

» SPAMfighter News - 6/14/2013